From f107af4955d39eed3abff1b185715bf16f355248 Mon Sep 17 00:00:00 2001 From: Mohamed Mahmoud Date: Thu, 6 Mar 2025 17:28:14 -0500 Subject: [PATCH 01/15] WIP:DNM: Bpfman operator APIs review Signed-off-by: Mohamed Mahmoud --- .../v1alpha1/bpf_application_state_types.go | 135 ++ .../apis/v1alpha1/bpf_application_types.go | 100 + .../cluster_bpf_application_state_types.go | 167 ++ .../v1alpha1/cluster_bpf_application_types.go | 166 ++ .../v1alpha1/cluster_fentry_program_types.go | 56 + .../v1alpha1/cluster_fexit_program_types.go | 56 + .../v1alpha1/cluster_kprobe_program_types.go | 62 + .../apis/v1alpha1/cluster_tc_program_types.go | 100 + .../v1alpha1/cluster_tcx_program_types.go | 85 + .../cluster_tracepoint_program_types.go | 52 + .../v1alpha1/cluster_uprobe_program_types.go | 89 + .../v1alpha1/cluster_xdp_program_types.go | 90 + bpfman-operator/apis/v1alpha1/doc.go | 21 + bpfman-operator/apis/v1alpha1/shared_types.go | 383 ++++ .../apis/v1alpha1/tc_program_types.go | 94 + .../apis/v1alpha1/tcx_program_types.go | 82 + .../apis/v1alpha1/uprobe_program_types.go | 87 + .../apis/v1alpha1/xdp_program_types.go | 84 + .../apis/v1alpha1/zz_generated.deepcopy.go | 1839 +++++++++++++++++ .../apis/v1alpha1/zz_generated.register.go | 76 + 20 files changed, 3824 insertions(+) create mode 100644 bpfman-operator/apis/v1alpha1/bpf_application_state_types.go create mode 100644 bpfman-operator/apis/v1alpha1/bpf_application_types.go create mode 100644 bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go create mode 100644 bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go create mode 100644 bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go create mode 100644 bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go create mode 100644 bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go create mode 100644 bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go create mode 100644 bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go create mode 100644 bpfman-operator/apis/v1alpha1/cluster_tracepoint_program_types.go create mode 100644 bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go create mode 100644 bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go create mode 100644 bpfman-operator/apis/v1alpha1/doc.go create mode 100644 bpfman-operator/apis/v1alpha1/shared_types.go create mode 100644 bpfman-operator/apis/v1alpha1/tc_program_types.go create mode 100644 bpfman-operator/apis/v1alpha1/tcx_program_types.go create mode 100644 bpfman-operator/apis/v1alpha1/uprobe_program_types.go create mode 100644 bpfman-operator/apis/v1alpha1/xdp_program_types.go create mode 100644 bpfman-operator/apis/v1alpha1/zz_generated.deepcopy.go create mode 100644 bpfman-operator/apis/v1alpha1/zz_generated.register.go diff --git a/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go b/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go new file mode 100644 index 00000000000..cdfa0290b87 --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go @@ -0,0 +1,135 @@ +/* +Copyright 2023 The bpfman Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + metav1types "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +// BpfApplicationProgramState defines the desired state of BpfApplication +// +union +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'xdp' ? has(self.xdpInfo) : !has(self.xdpInfo)",message="xdpInfo configuration is required when type is xdp, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'tc' ? has(self.tcInfo) : !has(self.tcInfo)",message="tcInfo configuration is required when type is tc, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'tcx' ? has(self.tcxInfo) : !has(self.tcxInfo)",message="tcx configuration is required when type is TCtcxX, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'uprobe' ? has(self.uprobeInfo) : !has(self.uprobeInfo)",message="uprobe configuration is required when type is uprobe, and forbidden otherwise" +type BpfApplicationProgramState struct { + BpfProgramStateCommon `json:",inline"` + + // Type specifies the bpf program type + // +unionDiscriminator + // +kubebuilder:validation:Required + // +kubebuilder:validation:Enum:="xdp";"tc";"tcx";"uprobe";"uretprobe" + Type EBPFProgType `json:"type,omitempty"` + + // xdp defines the desired state of the application's XdpPrograms. + // +unionMember + // +optional + XDPInfo *XdpProgramInfoState `json:"xdpInfo,omitempty"` + + // tc defines the desired state of the application's TcPrograms. + // +unionMember + // +optional + TCInfo *TcProgramInfoState `json:"tcInfo,omitempty"` + + // tcx defines the desired state of the application's TcxPrograms. + // +unionMember + // +optional + TCXInfo *TcxProgramInfoState `json:"tcxInfo,omitempty"` + + // uprobe defines the desired state of the application's UprobePrograms. + // +unionMember + // +optional + UprobeInfo *UprobeProgramInfoState `json:"uprobeInfo,omitempty"` + + // uretprobe defines the desired state of the application's UretprobePrograms. + // +unionMember + // +optional + UretprobeInfo *UprobeProgramInfoState `json:"uretprobeInfo,omitempty"` +} + +// BpfApplicationSpec defines the desired state of BpfApplication +type BpfApplicationStateSpec struct { + // Node is the name of the node for this BpfApplicationStateSpec. + Node string `json:"node"` + // The number of times the BpfApplicationState has been updated. Set to 1 + // when the object is created, then it is incremented prior to each update. + // This allows us to verify that the API server has the updated object prior + // to starting a new Reconcile operation. + UpdateCount int64 `json:"updateCount"` + // AppLoadStatus reflects the status of loading the bpf application on the + // given node. + AppLoadStatus AppLoadStatus `json:"appLoadStatus"` + // Programs is a list of bpf programs contained in the parent application. + // It is a map from the bpf program name to BpfApplicationProgramState + // elements. + Programs []BpfApplicationProgramState `json:"programs,omitempty"` +} + +// +genclient +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Namespaced + +// BpfApplicationState contains the per-node state of a BpfApplication. +// +kubebuilder:printcolumn:name="Node",type=string,JSONPath=".spec.node" +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason` +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" +type BpfApplicationState struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec BpfApplicationStateSpec `json:"spec,omitempty"` + Status BpfAppStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true +// BpfApplicationStateList contains a list of BpfApplicationState objects +type BpfApplicationStateList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []BpfApplicationState `json:"items"` +} + +func (an BpfApplicationState) GetName() string { + return an.Name +} + +func (an BpfApplicationState) GetUID() metav1types.UID { + return an.UID +} + +func (an BpfApplicationState) GetAnnotations() map[string]string { + return an.Annotations +} + +func (an BpfApplicationState) GetLabels() map[string]string { + return an.Labels +} + +func (an BpfApplicationState) GetStatus() *BpfAppStatus { + return &an.Status +} + +func (an BpfApplicationState) GetClientObject() client.Object { + return &an +} + +func (anl BpfApplicationStateList) GetItems() []BpfApplicationState { + return anl.Items +} diff --git a/bpfman-operator/apis/v1alpha1/bpf_application_types.go b/bpfman-operator/apis/v1alpha1/bpf_application_types.go new file mode 100644 index 00000000000..0af70180c62 --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/bpf_application_types.go @@ -0,0 +1,100 @@ +/* +Copyright 2024 The bpfman Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// BpfApplicationProgram defines the desired state of BpfApplication +// +union +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'xdp' ? has(self.xdpInfo) : !has(self.xdpInfo)",message="xdpInfo configuration is required when type is xdp, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'tc' ? has(self.tcInfo) : !has(self.tcInfo)",message="tcInfo configuration is required when type is tc, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'tcx' ? has(self.tcxInfo) : !has(self.tcxInfo)",message="tcxInfo configuration is required when type is tcx, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'uprobe' ? has(self.uprobeInfo) : !has(self.uprobeInfo)",message="uprobeInfo configuration is required when type is uprobe, and forbidden otherwise" +type BpfApplicationProgram struct { + // Name is the name of the function that is the entry point for the BPF + // program + Name string `json:"name"` + + // Type specifies the bpf program type + // +unionDiscriminator + // +kubebuilder:validation:Required + // +kubebuilder:validation:Enum:="xdp";"tc";"tcx";"uprobe";"uretprobe" + Type EBPFProgType `json:"type,omitempty"` + + // xdp defines the desired state of the application's XdpPrograms. + // +unionMember + // +optional + XDPInfo *XdpProgramInfo `json:"xdpInfo,omitempty"` + + // tc defines the desired state of the application's TcPrograms. + // +unionMember + // +optional + TCInfo *TcProgramInfo `json:"tcInfo,omitempty"` + + // tcx defines the desired state of the application's TcxPrograms. + // +unionMember + // +optional + TCXInfo *TcxProgramInfo `json:"tcxInfo,omitempty"` + + // uprobe defines the desired state of the application's UprobePrograms. + // +unionMember + // +optional + UprobeInfo *UprobeProgramInfo `json:"uprobeInfo,omitempty"` + + // uretprobe defines the desired state of the application's UretprobePrograms. + // +unionMember + // +optional + UretprobeInfo *UprobeProgramInfo `json:"uretprobeInfo,omitempty"` +} + +// BpfApplicationSpec defines the desired state of BpfApplication +type BpfApplicationSpec struct { + BpfAppCommon `json:",inline"` + + // Programs is the list of bpf programs in the BpfApplication that should be + // loaded. The application can selectively choose which program(s) to run + // from this list based on the optional attach points provided. + // +kubebuilder:validation:MinItems:=1 + Programs []BpfApplicationProgram `json:"programs,omitempty"` +} + +// +genclient +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Namespaced + +// BpfApplication is the Schema for the bpfapplications API +// +kubebuilder:printcolumn:name="NodeSelector",type=string,JSONPath=`.spec.nodeselector` +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason` +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" +type BpfApplication struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec BpfApplicationSpec `json:"spec,omitempty"` + Status BpfAppStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true +// BpfApplicationList contains a list of BpfApplications +type BpfApplicationList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []BpfApplication `json:"items"` +} diff --git a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go new file mode 100644 index 00000000000..7f987e9c249 --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go @@ -0,0 +1,167 @@ +/* +Copyright 2023 The bpfman Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + metav1types "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +// ClBpfApplicationProgramState defines the desired state of BpfApplication +// +union +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'xdp' ? has(self.xdpInfo) : !has(self.xdpInfo)",message="xdpInfo configuration is required when type is xdp, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'tc' ? has(self.tcInfo) : !has(self.tcInfo)",message="tcInfo configuration is required when type is tc, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'tcx' ? has(self.tcxInfo) : !has(self.tcxInfo)",message="tcxInfo configuration is required when type is tcx, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'fentry' ? has(self.fentryInfo) : !has(self.fentryInfo)",message="fentryInfo configuration is required when type is fentry, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'fexit' ? has(self.fexitInfo) : !has(self.fexitInfo)",message="fexitInfo configuration is required when type is fexit, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'kprobe' ? has(self.kprobeInfo) : !has(self.kprobeInfo)",message="kprobeInfo configuration is required when type is kprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'kretprobe' ? has(self.kretprobeInfo) : !has(self.kretprobeInfo)",message="kretprobeInfo configuration is required when type is kretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'uprobe' ? has(self.uprobeInfo) : !has(self.uprobeInfo)",message="uprobeInfo configuration is required when type is uprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'uretprobe' ? has(self.uretprobeInfo) : !has(self.uretprobeInfo)",message="uretprobeInfo configuration is required when type is uretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'tracepoint' ? has(self.tracepointInfo) : !has(self.tracepointInfo)",message="tracepointInfo configuration is required when type is tracepoint, and forbidden otherwise" +type ClBpfApplicationProgramState struct { + BpfProgramStateCommon `json:",inline"` + // Type specifies the bpf program type + // +unionDiscriminator + // +kubebuilder:validation:Required + // +kubebuilder:validation:Enum:="xdp";"tc";"tcx";"fentry";"fexit";"kprobe";"kretprobe";"uprobe";"uretprobe";"tracepoint" + + Type EBPFProgType `json:"type,omitempty"` + + // xdp defines the desired state of the application's XdpPrograms. + // +unionMember + // +optional + XDPInfo *ClXdpProgramInfoState `json:"xdpInfo,omitempty"` + + // tc defines the desired state of the application's TcPrograms. + // +unionMember + // +optional + TCInfo *ClTcProgramInfoState `json:"tcInfo,omitempty"` + + // tcx defines the desired state of the application's TcxPrograms. + // +unionMember + // +optional + TCXInfo *ClTcxProgramInfoState `json:"tcxInfo,omitempty"` + + // fentry defines the desired state of the application's FentryPrograms. + // +unionMember + // +optional + FentryInfo *ClFentryProgramInfoState `json:"fentryInfo,omitempty"` + + // fexit defines the desired state of the application's FexitPrograms. + // +unionMember + // +optional + FexitInfo *ClFexitProgramInfoState `json:"fexitInfo,omitempty"` + + // kprobe defines the desired state of the application's KprobePrograms. + // +unionMember + // +optional + KprobeInfo *ClKprobeProgramInfoState `json:"kprobeInfo,omitempty"` + + // kprobe defines the desired state of the application's KprobePrograms. + // +unionMember + // +optional + KretprobeInfo *ClKprobeProgramInfoState `json:"kretprobeInfo,omitempty"` + + // uprobe defines the desired state of the application's UprobePrograms. + // +unionMember + // +optional + UprobeInfo *ClUprobeProgramInfoState `json:"uprobeInfo,omitempty"` + + // uretprobe defines the desired state of the application's UretprobePrograms. + // +unionMember + // +optional + UretprobeInfo *ClUprobeProgramInfoState `json:"uretprobeInfo,omitempty"` + + // tracepoint defines the desired state of the application's TracepointPrograms. + // +unionMember + // +optional + TracepointInfo *ClTracepointProgramInfoState `json:"tracepointInfo,omitempty"` +} + +// BpfApplicationSpec defines the desired state of BpfApplication +type ClBpfApplicationStateSpec struct { + // Node is the name of the node for this BpfApplicationStateSpec. + Node string `json:"node"` + // The number of times the BpfApplicationState has been updated. Set to 1 + // when the object is created, then it is incremented prior to each update. + // This allows us to verify that the API server has the updated object prior + // to starting a new Reconcile operation. + UpdateCount int64 `json:"updateCount"` + // AppLoadStatus reflects the status of loading the bpf application on the + // given node. + AppLoadStatus AppLoadStatus `json:"appLoadStatus"` + // Programs is a list of bpf programs contained in the parent application. + // It is a map from the bpf program name to BpfApplicationProgramState + // elements. + Programs []ClBpfApplicationProgramState `json:"programs,omitempty"` +} + +// +genclient +// +genclient:nonNamespaced +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster + +// ClusterBpfApplicationState contains the per-node state of a BpfApplication. +// +kubebuilder:printcolumn:name="Node",type=string,JSONPath=".spec.node" +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason` +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" +type ClusterBpfApplicationState struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec ClBpfApplicationStateSpec `json:"spec,omitempty"` + Status BpfAppStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true +// ClusterBpfApplicationStateList contains a list of BpfApplicationState objects +type ClusterBpfApplicationStateList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []ClusterBpfApplicationState `json:"items"` +} + +func (an ClusterBpfApplicationState) GetName() string { + return an.Name +} + +func (an ClusterBpfApplicationState) GetUID() metav1types.UID { + return an.UID +} + +func (an ClusterBpfApplicationState) GetAnnotations() map[string]string { + return an.Annotations +} + +func (an ClusterBpfApplicationState) GetLabels() map[string]string { + return an.Labels +} + +func (an ClusterBpfApplicationState) GetStatus() *BpfAppStatus { + return &an.Status +} + +func (an ClusterBpfApplicationState) GetClientObject() client.Object { + return &an +} + +func (anl ClusterBpfApplicationStateList) GetItems() []ClusterBpfApplicationState { + return anl.Items +} diff --git a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go new file mode 100644 index 00000000000..dda549c08c8 --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go @@ -0,0 +1,166 @@ +/* +Copyright 2023 The bpfman Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// EBPFProgType defines the supported eBPF program types +type EBPFProgType string + +const ( + // ProgTypeXDP refers to the XDP program type. + ProgTypeXDP EBPFProgType = "xdp" + + // ProgTypeTC refers to the TC program type. + ProgTypeTC EBPFProgType = "tc" + + // ProgTypeTCX refers to the TCX program type. + ProgTypeTCX EBPFProgType = "tcx" + + // ProgTypeFentry refers to the Fentry program type. + ProgTypeFentry EBPFProgType = "fentry" + + // ProgTypeFexit refers to the Fexit program type. + ProgTypeFexit EBPFProgType = "fexit" + + // ProgTypeKprobe refers to the Kprobe program type. + ProgTypeKprobe EBPFProgType = "kprobe" + + // ProgTypeKretprobe refers to the Kretprobe program type. + ProgTypeKretprobe EBPFProgType = "kretprobe" + + // ProgTypeUprobe refers to the Uprobe program type. + ProgTypeUprobe EBPFProgType = "uprobe" + + // ProgTypeUretprobe refers to the Uretprobe program type. + ProgTypeUretprobe EBPFProgType = "uretprobe" + + // ProgTypeTracepoint refers to the Tracepoint program type. + ProgTypeTracepoint EBPFProgType = "tracepoint" +) + +// ClBpfApplicationProgram defines the desired state of BpfApplication +// +union +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'xdp' ? has(self.xdpInfo) : !has(self.xdpInfo)",message="xdpInfo configuration is required when type is xdp, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'tc' ? has(self.tcInfo) : !has(self.tcInfo)",message="tcInfo configuration is required when type is tc, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'tcx' ? has(self.tcxInfo) : !has(self.tcxInfo)",message="tcxInfo configuration is required when type is tcx, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'fentry' ? has(self.fentryInfo) : !has(self.fentryInfo)",message="fentryInfo configuration is required when type is fentry, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'fexit' ? has(self.fexitInfo) : !has(self.fexitInfo)",message="fexitInfo configuration is required when type is fexit, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'kprobe' ? has(self.kprobeInfo) : !has(self.kprobeInfo)",message="kprobeInfo configuration is required when type is kprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'kretprobe' ? has(self.kretprobeInfo) : !has(self.kretprobeInfo)",message="kretprobeInfo configuration is required when type is kretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'uprobe' ? has(self.uprobeInfo) : !has(self.uprobeInfo)",message="uprobeInfo configuration is required when type is uprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'uretprobe' ? has(self.uretprobeInfo) : !has(self.uretprobeInfo)",message="uretprobeInfo configuration is required when type is uretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'tracepoint' ? has(self.tracepointInfo) : !has(self.tracepointInfo)",message="tracepointInfo configuration is required when type is tracepoint, and forbidden otherwise" +type ClBpfApplicationProgram struct { + // Name is the name of the function that is the entry point for the BPF + // program + Name string `json:"name"` + + // Type specifies the bpf program type + // +unionDiscriminator + // +kubebuilder:validation:Required + // +kubebuilder:validation:Enum:="xdp";"tc";"tcx";"fentry";"fexit";"kprobe";"kretprobe";"uprobe";"uretprobe";"tracepoint" + Type EBPFProgType `json:"type,omitempty"` + + // xdp defines the desired state of the application's XdpPrograms. + // +unionMember + // +optional + XDPInfo *ClXdpProgramInfo `json:"xdpInfo,omitempty"` + + // tc defines the desired state of the application's TcPrograms. + // +unionMember + // +optional + TCInfo *ClTcProgramInfo `json:"tcInfo,omitempty"` + + // tcx defines the desired state of the application's TcxPrograms. + // +unionMember + // +optional + TCXInfo *ClTcxProgramInfo `json:"tcxInfo,omitempty"` + + // fentry defines the desired state of the application's FentryPrograms. + // +unionMember + // +optional + FentryInfo *ClFentryProgramInfo `json:"fentryInfo,omitempty"` + + // fexit defines the desired state of the application's FexitPrograms. + // +unionMember + // +optional + FexitInfo *ClFexitProgramInfo `json:"fexitInfo,omitempty"` + + // kprobe defines the desired state of the application's KprobePrograms. + // +unionMember + // +optional + KprobeInfo *ClKprobeProgramInfo `json:"kprobeInfo,omitempty"` + + // kretprobe defines the desired state of the application's KretprobePrograms. + // +unionMember + // +optional + KretprobeInfo *ClKprobeProgramInfo `json:"kretprobeInfo,omitempty"` + + // uprobe defines the desired state of the application's UprobePrograms. + // +unionMember + // +optional + UprobeInfo *ClUprobeProgramInfo `json:"uprobeInfo,omitempty"` + + // uretprobe defines the desired state of the application's UretprobePrograms. + // +unionMember + // +optional + UretprobeInfo *ClUprobeProgramInfo `json:"uretprobeInfo,omitempty"` + + // tracepoint defines the desired state of the application's TracepointPrograms. + // +unionMember + // +optional + TracepointInfo *ClTracepointProgramInfo `json:"tracepointInfo,omitempty"` +} + +// ClBpfApplicationSpec defines the desired state of BpfApplication +type ClBpfApplicationSpec struct { + BpfAppCommon `json:",inline"` + // Programs is the list of bpf programs in the BpfApplication that should be + // loaded. The application can selectively choose which program(s) to run + // from this list based on the optional attach points provided. + // +kubebuilder:validation:MinItems:=1 + Programs []ClBpfApplicationProgram `json:"programs,omitempty"` +} + +// +genclient +// +genclient:nonNamespaced +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster + +// ClusterBpfApplication is the Schema for the bpfapplications API +// +kubebuilder:printcolumn:name="NodeSelector",type=string,JSONPath=`.spec.nodeselector` +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason` +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" +type ClusterBpfApplication struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec ClBpfApplicationSpec `json:"spec,omitempty"` + Status BpfAppStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true +// ClusterBpfApplicationList contains a list of BpfApplications +type ClusterBpfApplicationList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []ClusterBpfApplication `json:"items"` +} diff --git a/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go new file mode 100644 index 00000000000..a911ff59ab0 --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go @@ -0,0 +1,56 @@ +/* +Copyright 2024 The bpfman Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +// ClFentryProgramInfo defines the Fentry program details +type ClFentryProgramInfo struct { + ClFentryLoadInfo `json:",inline"` + // Whether the program should be attached to the function. + // +optional + // +kubebuilder:validation:MaxItems=1 + // +kubebuilder:default:={} + Links []ClFentryAttachInfo `json:"links"` +} + +// ClFentryLoadInfo contains the program-specific load information for Fentry +// programs +type ClFentryLoadInfo struct { + // Function is the name of the function to attach the Fentry program to. + Function string `json:"function"` +} + +// ClFentryAttachInfo indicates that the Fentry program should be attached to +// the function identified in ClFentryLoadInfo. The only valid value for Attach +// is true. +type ClFentryAttachInfo struct { + // +kubebuilder:validation:Enum=true + Attach bool `json:"attach"` +} + +type ClFentryProgramInfoState struct { + ClFentryLoadInfo `json:",inline"` + // +optional + // +kubebuilder:validation:MaxItems=1 + // +kubebuilder:default:={} + Links []ClFentryAttachInfoState `json:"links"` +} + +type ClFentryAttachInfoState struct { + AttachInfoStateCommon `json:",inline"` +} diff --git a/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go new file mode 100644 index 00000000000..dc5213250ef --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go @@ -0,0 +1,56 @@ +/* +Copyright 2024 The bpfman Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +// ClFexitProgramInfo defines the Fexit program details +type ClFexitProgramInfo struct { + ClFexitLoadInfo `json:",inline"` + // Whether the program should be attached to the function. + // +optional + // +kubebuilder:validation:MaxItems=1 + // +kubebuilder:default:={} + Links []ClFexitAttachInfo `json:"links"` +} + +// ClFexitLoadInfo contains the program-specific load information for Fexit +// programs +type ClFexitLoadInfo struct { + // Function is the name of the function to attach the Fexit program to. + Function string `json:"function"` +} + +// ClFexitAttachInfo indicates that the Fentry program should be attached to +// the function identified in ClFentryLoadInfo. The only valid value for Attach +// is true. +type ClFexitAttachInfo struct { + // +kubebuilder:validation:Enum=true + Attach bool `json:"attach"` +} + +type ClFexitProgramInfoState struct { + ClFexitLoadInfo `json:",inline"` + // +optional + // +kubebuilder:validation:MaxItems=1 + // +kubebuilder:default:={} + Links []ClFexitAttachInfoState `json:"links"` +} + +type ClFexitAttachInfoState struct { + AttachInfoStateCommon `json:",inline"` +} diff --git a/bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go new file mode 100644 index 00000000000..27764701439 --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go @@ -0,0 +1,62 @@ +/* +Copyright 2023 The bpfman Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +// ClKprobeProgramInfo contains the information for the kprobe program +type ClKprobeProgramInfo struct { + // The list of points to which the program should be attached. The list items + // are optional and may be udated after the bpf program has been loaded + // +optional + // +kubebuilder:default:={} + Links []ClKprobeAttachInfo `json:"links"` +} + +type ClKprobeAttachInfo struct { + // Function to attach the kprobe to. + Function string `json:"function"` + + // Offset added to the address of the function for kprobe. + // The offset must be zero for kretprobes. + // TODO: Add a webhook to enforce kretprobe offset=0. + // See: https://github.com/bpfman/bpfman-operator/issues/403 + // +optional + // +kubebuilder:default:=0 + Offset uint64 `json:"offset"` +} + +type ClKprobeProgramInfoState struct { + // List of attach points for the BPF program on the given node. Each entry + // in *AttachInfoState represents a specific, unique attach point that is + // derived from *AttachInfo by fully expanding any selectors. Each entry + // also contains information about the attach point required by the + // reconciler + // +optional + // +kubebuilder:default:={} + Links []ClKprobeAttachInfoState `json:"links"` +} + +type ClKprobeAttachInfoState struct { + AttachInfoStateCommon `json:",inline"` + + // Function to attach the kprobe to. + Function string `json:"function"` + + // Offset added to the address of the function for kprobe. + Offset uint64 `json:"offset"` +} diff --git a/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go new file mode 100644 index 00000000000..fdb7a942284 --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go @@ -0,0 +1,100 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +// +kubebuilder:validation:Enum=unspec;ok;reclassify;shot;pipe;stolen;queued;repeat;redirect;trap;dispatcher_return +type TcProceedOnValue string + +// ClTcProgramInfo defines the tc program details +type ClTcProgramInfo struct { + // The list of points to which the program should be attached. The list items + // are optional and may be udated after the bpf program has been loaded + // +optional + // +kubebuilder:default:={} + Links []ClTcAttachInfo `json:"links"` +} + +type ClTcAttachInfo struct { + // Selector to determine the network interface (or interfaces) + InterfaceSelector InterfaceSelector `json:"interfaceSelector"` + + // Containers identifies the set of containers in which to attach the eBPF + // program. If Containers is not specified, the BPF program will be attached + // in the root network namespace. + // +optional + Containers *ClContainerSelector `json:"containers"` + + // Direction specifies the direction of traffic the tc program should + // attach to for a given network device. + // +kubebuilder:validation:Enum=ingress;egress + Direction string `json:"direction"` + + // Priority specifies the priority of the tc program in relation to + // other programs of the same type with the same attach point. It is a value + // from 0 to 1000 where lower values have higher precedence. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=1000 + Priority int32 `json:"priority"` + + // ProceedOn allows the user to call other tc programs in chain on this exit code. + // Multiple values are supported by repeating the parameter. + // +optional + // +kubebuilder:validation:MaxItems=11 + // +kubebuilder:default:={pipe,dispatcher_return} + ProceedOn []TcProceedOnValue `json:"proceedOn"` +} + +type ClTcProgramInfoState struct { + // List of attach points for the BPF program on the given node. Each entry + // in *AttachInfoState represents a specific, unique attach point that is + // derived from *AttachInfo by fully expanding any selectors. Each entry + // also contains information about the attach point required by the + // reconciler + // +optional + // +kubebuilder:default:={} + Links []ClTcAttachInfoState `json:"links"` +} + +type ClTcAttachInfoState struct { + AttachInfoStateCommon `json:",inline"` + + // Interface name to attach the tc program to. + IfName string `json:"ifName"` + + // Optional container pid to attach the tc program in. + // +optional + ContainerPid *int32 `json:"containerPid"` + + // Direction specifies the direction of traffic the tc program should + // attach to for a given network device. + // +kubebuilder:validation:Enum=ingress;egress + Direction string `json:"direction"` + + // Priority specifies the priority of the tc program in relation to + // other programs of the same type with the same attach point. It is a value + // from 0 to 1000 where lower values have higher precedence. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=1000 + Priority int32 `json:"priority"` + + // ProceedOn allows the user to call other tc programs in chain on this exit code. + // Multiple values are supported by repeating the parameter. + // +kubebuilder:validation:MaxItems=11 + ProceedOn []TcProceedOnValue `json:"proceedOn"` +} diff --git a/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go new file mode 100644 index 00000000000..d2c30f3ff65 --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go @@ -0,0 +1,85 @@ +/* +Copyright 2024 The bpfman Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +// ClTcxProgramInfo defines the tcx program details +type ClTcxProgramInfo struct { + // The list of points to which the program should be attached. The list items + // are optional and may be udated after the bpf program has been loaded + // +optional + // +kubebuilder:default:={} + Links []ClTcxAttachInfo `json:"links"` +} + +type ClTcxAttachInfo struct { + // Selector to determine the network interface (or interfaces) + InterfaceSelector InterfaceSelector `json:"interfaceSelector"` + + // Containers identifies the set of containers in which to attach the eBPF + // program. If Containers is not specified, the BPF program will be attached + // in the root network namespace. + // +optional + Containers *ClContainerSelector `json:"containers"` + + // Direction specifies the direction of traffic the tcx program should + // attach to for a given network device. + // +kubebuilder:validation:Enum=ingress;egress + Direction string `json:"direction"` + + // Priority specifies the priority of the tcx program in relation to + // other programs of the same type with the same attach point. It is a value + // from 0 to 1000 where lower values have higher precedence. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=1000 + Priority int32 `json:"priority"` +} + +type ClTcxProgramInfoState struct { + // List of attach points for the BPF program on the given node. Each entry + // in *AttachInfoState represents a specific, unique attach point that is + // derived from *AttachInfo by fully expanding any selectors. Each entry + // also contains information about the attach point required by the + // reconciler + // +optional + // +kubebuilder:default:={} + Links []ClTcxAttachInfoState `json:"links"` +} + +type ClTcxAttachInfoState struct { + AttachInfoStateCommon `json:",inline"` + + // Interface name to attach the tcx program to. + IfName string `json:"ifName"` + + // Optional container pid to attach the tcx program in. + // +optional + ContainerPid *int32 `json:"containerPid"` + + // Direction specifies the direction of traffic the tcx program should + // attach to for a given network device. + // +kubebuilder:validation:Enum=ingress;egress + Direction string `json:"direction"` + + // Priority specifies the priority of the tcx program in relation to + // other programs of the same type with the same attach point. It is a value + // from 0 to 1000 where lower values have higher precedence. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=1000 + Priority int32 `json:"priority"` +} diff --git a/bpfman-operator/apis/v1alpha1/cluster_tracepoint_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_tracepoint_program_types.go new file mode 100644 index 00000000000..6d932349b1f --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/cluster_tracepoint_program_types.go @@ -0,0 +1,52 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +// ClTracepointProgramInfo contains the Tracepoint program details +type ClTracepointProgramInfo struct { + // The list of points to which the program should be attached. The list items + // are optional and may be udated after the bpf program has been loaded + // +optional + // +kubebuilder:default:={} + Links []ClTracepointAttachInfo `json:"links"` +} + +type ClTracepointAttachInfo struct { + // Name refers to the name of a kernel tracepoint to attach the + // bpf program to. + Name string `json:"name"` +} + +type ClTracepointProgramInfoState struct { + // List of attach points for the BPF program on the given node. Each entry + // in *AttachInfoState represents a specific, unique attach point that is + // derived from *AttachInfo by fully expanding any selectors. Each entry + // also contains information about the attach point required by the + // reconciler + // +optional + // +kubebuilder:default:={} + Links []ClTracepointAttachInfoState `json:"links"` +} + +type ClTracepointAttachInfoState struct { + AttachInfoStateCommon `json:",inline"` + + // The name of a kernel tracepoint to attach the bpf program to. + Name string `json:"name"` +} diff --git a/bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go new file mode 100644 index 00000000000..488b511ee87 --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go @@ -0,0 +1,89 @@ +/* +Copyright 2023 The bpfman Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +// ClUprobeProgramInfo contains the information for the uprobe program +type ClUprobeProgramInfo struct { + // The list of points to which the program should be attached. The list items + // are optional and may be udated after the bpf program has been loaded + // +optional + // +kubebuilder:default:={} + Links []ClUprobeAttachInfo `json:"links"` +} + +type ClUprobeAttachInfo struct { + // Function to attach the uprobe to. + // +optional + Function string `json:"function"` + + // Offset added to the address of the function for uprobe. + // +optional + // +kubebuilder:default:=0 + Offset uint64 `json:"offset"` + + // Library name or the absolute path to a binary or library. + Target string `json:"target"` + + // Only execute uprobe for given process identification number (PID). If PID + // is not provided, uprobe executes for all PIDs. + // +optional + Pid *int32 `json:"pid"` + + // Containers identifies the set of containers in which to attach the + // uprobe. If Containers is not specified, the uprobe will be attached in + // the bpfman-agent container. + // +optional + Containers *ClContainerSelector `json:"containers"` +} + +type ClUprobeProgramInfoState struct { + // List of attach points for the BPF program on the given node. Each entry + // in *AttachInfoState represents a specific, unique attach point that is + // derived from *AttachInfo by fully expanding any selectors. Each entry + // also contains information about the attach point required by the + // reconciler + // +optional + // +kubebuilder:default:={} + Links []ClUprobeAttachInfoState `json:"links"` +} + +type ClUprobeAttachInfoState struct { + AttachInfoStateCommon `json:",inline"` + + // Function to attach the uprobe to. + // +optional + Function string `json:"function"` + + // Offset added to the address of the function for uprobe. + // +optional + // +kubebuilder:default:=0 + Offset uint64 `json:"offset"` + + // Library name or the absolute path to a binary or library. + Target string `json:"target"` + + // Only execute uprobe for given process identification number (PID). If PID + // is not provided, uprobe executes for all PIDs. + // +optional + Pid *int32 `json:"pid"` + + // Optional container pid to attach the uprobe program in. + // +optional + ContainerPid *int32 `json:"containerPid"` +} diff --git a/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go new file mode 100644 index 00000000000..ddbf4aa80bb --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go @@ -0,0 +1,90 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +// +kubebuilder:validation:Enum=aborted;drop;pass;tx;redirect;dispatcher_return +type XdpProceedOnValue string + +// ClXdpProgramInfo contains the xdp program details +type ClXdpProgramInfo struct { + // The list of points to which the program should be attached. The list items + // are optional and may be udated after the bpf program has been loaded + // +optional + // +kubebuilder:default:={} + Links []ClXdpAttachInfo `json:"links"` +} + +type ClXdpAttachInfo struct { + // Selector to determine the network interface (or interfaces) + InterfaceSelector InterfaceSelector `json:"interfaceSelector"` + + // Containers identifies the set of containers in which to attach the eBPF + // program. If Containers is not specified, the BPF program will be attached + // in the root network namespace. + // +optional + Containers *ClContainerSelector `json:"containers"` + + // Priority specifies the priority of the bpf program in relation to + // other programs of the same type with the same attach point. It is a value + // from 0 to 1000 where lower values have higher precedence. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=1000 + Priority int32 `json:"priority"` + + // ProceedOn allows the user to call other xdp programs in chain on this exit code. + // Multiple values are supported by repeating the parameter. + // +optional + // +kubebuilder:validation:MaxItems=6 + // +kubebuilder:default:={pass,dispatcher_return} + ProceedOn []XdpProceedOnValue `json:"proceedOn"` +} + +type ClXdpProgramInfoState struct { + // List of attach points for the BPF program on the given node. Each entry + // in *AttachInfoState represents a specific, unique attach point that is + // derived from *AttachInfo by fully expanding any selectors. Each entry + // also contains information about the attach point required by the + // reconciler + // +optional + // +kubebuilder:default:={} + Links []ClXdpAttachInfoState `json:"links"` +} + +type ClXdpAttachInfoState struct { + AttachInfoStateCommon `json:",inline"` + + // Interface name to attach the xdp program to. + IfName string `json:"ifName"` + + // Optional container pid to attach the xdp program in. + // +optional + ContainerPid *int32 `json:"containerPid"` + + // Priority specifies the priority of the xdp program in relation to + // other programs of the same type with the same attach point. It is a value + // from 0 to 1000 where lower values have higher precedence. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=1000 + Priority int32 `json:"priority"` + + // ProceedOn allows the user to call other xdp programs in chain on this exit code. + // Multiple values are supported by repeating the parameter. + // +kubebuilder:validation:MaxItems=6 + ProceedOn []XdpProceedOnValue `json:"proceedOn"` +} diff --git a/bpfman-operator/apis/v1alpha1/doc.go b/bpfman-operator/apis/v1alpha1/doc.go new file mode 100644 index 00000000000..18313d2cf9e --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/doc.go @@ -0,0 +1,21 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1alpha1 contains API Schema definitions for the +// bpfman.io API group. +// +kubebuilder:object:generate=true +// +groupName=bpfman.io +package v1alpha1 diff --git a/bpfman-operator/apis/v1alpha1/shared_types.go b/bpfman-operator/apis/v1alpha1/shared_types.go new file mode 100644 index 00000000000..e1165ce0b98 --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/shared_types.go @@ -0,0 +1,383 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// +kubebuilder:validation:Required +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// InterfaceSelector defines interface to attach to. +// +kubebuilder:validation:MaxProperties=1 +// +kubebuilder:validation:MinProperties=1 +type InterfaceSelector struct { + // Interfaces refers to a list of network interfaces to attach the BPF + // program to. + // +optional + Interfaces *[]string `json:"interfaces,omitempty"` + + // Attach BPF program to the primary interface on the node. Only 'true' accepted. + // +optional + PrimaryNodeInterface *bool `json:"primaryNodeInterface,omitempty"` +} + +// ClContainerSelector identifies a set of containers. For example, this can be +// used to identify a set of containers in which to attach uprobes. +type ClContainerSelector struct { + // Target namespaces. + // +optional + // +kubebuilder:default:="" + Namespace string `json:"namespace"` + + // Target pods. This field must be specified, to select all pods use + // standard metav1.LabelSelector semantics and make it empty. + Pods metav1.LabelSelector `json:"pods"` + + // Name(s) of container(s). If none are specified, all containers in the + // pod are selected. + // +optional + ContainerNames *[]string `json:"containerNames,omitempty"` +} + +// ContainerSelector identifies a set of containers. It is different from ContainerSelector +// in that "Namespace" was removed. Namespace scoped programs can only attach to the namespace +// they are created in, so namespace at this level doesn't apply. +type ContainerSelector struct { + // Target pods. This field must be specified, to select all pods use + // standard metav1.LabelSelector semantics and make it empty. + Pods metav1.LabelSelector `json:"pods"` + + // Name(s) of container(s). If none are specified, all containers in the + // pod are selected. + // +optional + ContainerNames *[]string `json:"containerNames,omitempty"` +} + +// BpfAppCommon defines the common attributes for all BpfApp programs +type BpfAppCommon struct { + // NodeSelector allows the user to specify which nodes to deploy the + // bpf program to. This field must be specified, to select all nodes + // use standard metav1.LabelSelector semantics and make it empty. + NodeSelector metav1.LabelSelector `json:"nodeSelector"` + + // GlobalData allows the user to set global variables when the program is loaded + // with an array of raw bytes. This is a very low level primitive. The caller + // is responsible for formatting the byte string appropriately considering + // such things as size, endianness, alignment and packing of data structures. + // +optional + GlobalData map[string][]byte `json:"globalData,omitempty"` + + // Bytecode configures where the bpf program's bytecode should be loaded + // from. + ByteCode ByteCodeSelector `json:"byteCode"` + + // TODO: need to work out how MapOwnerSelector will work after load-attach-split + // MapOwnerSelector is used to select the loaded eBPF program this eBPF program + // will share a map with. + // +optional + MapOwnerSelector *metav1.LabelSelector `json:"mapOwnerSelector"` +} + +// BpfAppStatus reflects the status of a BpfApplication or BpfApplicationState object +type BpfAppStatus struct { + // For a BpfApplication object, Conditions contains the global cluster state + // for the object. For a BpfApplicationState object, Conditions contains the + // state of the BpfApplication object on the given node. + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +} + +// AttachInfoStateCommon reflects the status for one attach point for a given bpf +// application program +type AttachInfoStateCommon struct { + // ShouldAttach reflects whether the attachment should exist. + ShouldAttach bool `json:"shouldAttach"` + // Unique identifier for the attach point assigned by bpfman agent. + UUID string `json:"uuid"` + // An identifier for the link assigned by bpfman. This field is + // empty until the program is successfully attached and bpfman returns the + // id. + LinkId *uint32 `json:"linkId"` + // LinkStatus reflects whether the attachment has been reconciled + // successfully, and if not, why. + LinkStatus LinkStatus `json:"linkStatus"` +} + +type BpfProgramStateCommon struct { + // Name is the name of the function that is the entry point for the BPF + // program + Name string `json:"name"` + // ProgramLinkStatus reflects whether all links requested for the program + // are in the correct state. + ProgramLinkStatus ProgramLinkStatus `json:"programLinkStatus"` + // ProgramId is the id of the program in the kernel. Not set until the + // program is loaded. + // +optional + ProgramId *uint32 `json:"programId"` +} + +// PullPolicy describes a policy for if/when to pull a container image +// +kubebuilder:validation:Enum=Always;Never;IfNotPresent +type PullPolicy string + +const ( + // PullAlways means that bpfman always attempts to pull the latest bytecode image. Container will fail If the pull fails. + PullAlways PullPolicy = "Always" + // PullNever means that bpfman never pulls an image, but only uses a local image. Container will fail if the image isn't present + PullNever PullPolicy = "Never" + // PullIfNotPresent means that bpfman pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. + PullIfNotPresent PullPolicy = "IfNotPresent" +) + +// ByteCodeSelector defines the various ways to reference bpf bytecode objects. +type ByteCodeSelector struct { + // Image used to specify a bytecode container image. + Image *ByteCodeImage `json:"image,omitempty"` + + // Path is used to specify a bytecode object via filepath. + Path *string `json:"path,omitempty"` +} + +// ByteCodeImage defines how to specify a bytecode container image. +type ByteCodeImage struct { + // Valid container image URL used to reference a remote bytecode image. + Url string `json:"url"` + + // PullPolicy describes a policy for if/when to pull a bytecode image. Defaults to IfNotPresent. + // +kubebuilder:default:=IfNotPresent + // +optional + ImagePullPolicy PullPolicy `json:"imagePullPolicy"` + + // ImagePullSecret is the name of the secret bpfman should use to get remote image + // repository secrets. + // +optional + ImagePullSecret *ImagePullSecretSelector `json:"imagePullSecret,omitempty"` +} + +// ImagePullSecretSelector defines the name and namespace of an image pull secret. +type ImagePullSecretSelector struct { + // Name of the secret which contains the credentials to access the image repository. + Name string `json:"name"` + + // Namespace of the secret which contains the credentials to access the image repository. + Namespace string `json:"namespace"` +} + +// ----------------------------------------------------------------------------- +// Status Conditions - BPF Programs +// ----------------------------------------------------------------------------- + +// BpfApplicationConditionType is a condition type to indicate the status of a BPF +// application at the cluster level. +type BpfApplicationConditionType string + +const ( + // BpfAppCondPending indicates that bpfman has not yet completed reconciling + // the Bpf Application on all nodes in the cluster. + BpfAppCondPending BpfApplicationConditionType = "Pending" + + // BpfAppCondSuccess indicates that the BPF application has been + // successfully loaded and attached as requested on all nodes in the + // cluster. + BpfAppCondSuccess BpfApplicationConditionType = "Success" + + // BpfAppCondError indicates that an error has occurred on one or more nodes + // while attempting to apply the configuration described in the CRD. + BpfAppCondError BpfApplicationConditionType = "Error" + + // BpfAppCondDeleteError indicates that the BPF Application was marked for + // deletion, but deletion was unsuccessful on one or more nodes. + BpfAppCondDeleteError BpfApplicationConditionType = "DeleteError" +) + +// Condition is a helper method to promote any given BpfApplicationConditionType +// to a full metav1.Condition in an opinionated fashion. +// +// TODO: this was created in the early days to provide at least SOME status +// information to the user, but the hardcoded messages need to be replaced in +// the future with dynamic and situation-aware messages later. +// +// See: https://github.com/bpfman/bpfman/issues/430 +func (b BpfApplicationConditionType) Condition(message string) metav1.Condition { + cond := metav1.Condition{} + + switch b { + case BpfAppCondPending: + if len(message) == 0 { + message = "Waiting for Bpf Application Object to be reconciled on all nodes" + } + condType := string(BpfAppCondPending) + cond = metav1.Condition{ + Type: condType, + Status: metav1.ConditionTrue, + Reason: "Pending", + Message: message, + } + case BpfAppCondError: + if len(message) == 0 { + message = "An error has occurred on one or more nodes" + } + condType := string(BpfAppCondError) + cond = metav1.Condition{ + Type: condType, + Status: metav1.ConditionTrue, + Reason: "Error", + Message: message, + } + case BpfAppCondSuccess: + if len(message) == 0 { + message = "BPF application configuration successfully applied on all nodes" + } + condType := string(BpfAppCondSuccess) + cond = metav1.Condition{ + Type: condType, + Status: metav1.ConditionTrue, + Reason: "Success", + Message: message, + } + case BpfAppCondDeleteError: + if len(message) == 0 { + message = "Deletion failed on one or more nodes" + } + condType := string(BpfAppCondDeleteError) + cond = metav1.Condition{ + Type: condType, + Status: metav1.ConditionTrue, + Reason: "DeleteError", + Message: message, + } + } + + return cond +} + +// BpfApplicationStateConditionType is used to indicate the status of a BPF +// application on a given node. +type BpfApplicationStateConditionType string + +const ( + // BpfAppStateCondPending indicates that bpfman has not yet completed + // reconciling the Bpf Application on the given node. + BpfAppStateCondPending BpfApplicationStateConditionType = "Pending" + + // BpfAppStateCondSuccess indicates that the BPF application has been + // successfully loaded and attached as requested on the given node. + BpfAppStateCondSuccess BpfApplicationStateConditionType = "Success" + + // BpfAppStateCondError indicates that an error has occurred on the given + // node while attempting to apply the configuration described in the CRD. + BpfAppStateCondError BpfApplicationStateConditionType = "Error" + + // BpfAppStateCondError indicates that an error has occurred on the given + // node while attempting to apply the configuration described in the CRD. + BpfAppStateCondProgramListChangedError BpfApplicationStateConditionType = "ProgramListChangedError" + + // BpfAppStateCondDeleteError indicates that the BPF Application was marked + // for deletion, but deletion was unsuccessful on the given node. + BpfAppStateCondDeleteError BpfApplicationStateConditionType = "DeleteError" +) + +// Condition is a helper method to promote any given +// BpfApplicationStateConditionType to a full metav1.Condition in an opinionated +// fashion. +func (b BpfApplicationStateConditionType) Condition() metav1.Condition { + cond := metav1.Condition{} + + switch b { + case BpfAppStateCondPending: + condType := string(BpfAppStateCondPending) + cond = metav1.Condition{ + Type: condType, + Status: metav1.ConditionTrue, + Reason: "Pending", + Message: "Not yet complete", + } + case BpfAppStateCondSuccess: + condType := string(BpfAppStateCondSuccess) + cond = metav1.Condition{ + Type: condType, + Status: metav1.ConditionTrue, + Reason: "Success", + Message: "The BPF application has been successfully loaded and attached", + } + case BpfAppStateCondError: + condType := string(BpfAppStateCondError) + cond = metav1.Condition{ + Type: condType, + Status: metav1.ConditionTrue, + Reason: "Error", + Message: "An error has occurred", + } + case BpfAppStateCondDeleteError: + condType := string(BpfAppStateCondDeleteError) + cond = metav1.Condition{ + Type: condType, + Status: metav1.ConditionTrue, + Reason: "Delete Error", + Message: "Deletion failed on one or more nodes", + } + } + return cond +} + +type AppLoadStatus string + +const ( + // The initial load condition + AppLoadNotLoaded AppLoadStatus = "NotLoaded" + // All programs for app have been loaded + AppLoadSuccess AppLoadStatus = "LoadSuccess" + // One or more programs for app has not been loaded + AppLoadError AppLoadStatus = "LoadError" + // All programs for app have been unloaded + AppUnLoadSuccess AppLoadStatus = "UnloadSuccess" + // One or more programs for app has not been unloaded + AppUnloadError AppLoadStatus = "UnloadError" + // The app is not selected to run on the node + NotSelected AppLoadStatus = "NotSelected" + // The app is not selected to run on the node + ProgListChangedError AppLoadStatus = "ProgramListChangedError" +) + +type ProgramLinkStatus string + +const ( + // The initial program attach state + ProgAttachPending ProgramLinkStatus = "Pending" + // All attachments for program are in the correct state + ProgAttachSuccess ProgramLinkStatus = "Success" + // One or more attachments for program are not in the correct state + ProgAttachError ProgramLinkStatus = "Error" + // There was an error updating the attach info + UpdateAttachInfoError ProgramLinkStatus = "UpdateAttachInfoError" +) + +type LinkStatus string + +const ( + // Attach point is attached + ApAttachAttached LinkStatus = "Attached" + // Attach point is not attached + ApAttachNotAttached LinkStatus = "NotAttached" + // An attach was attempted, but there was an error + ApAttachError LinkStatus = "AttachError" + // A detach was attempted, but there was an error + ApDetachError LinkStatus = "DetachError" +) diff --git a/bpfman-operator/apis/v1alpha1/tc_program_types.go b/bpfman-operator/apis/v1alpha1/tc_program_types.go new file mode 100644 index 00000000000..d6ac9f07104 --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/tc_program_types.go @@ -0,0 +1,94 @@ +/* +Copyright 2024 The bpfman Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +// TcProgramInfo defines the tc program details +type TcProgramInfo struct { + // The list of points to which the program should be attached. The list items + // are optional and may be udated after the bpf program has been loaded + // +optional + // +kubebuilder:default:={} + Links []TcAttachInfo `json:"links"` +} + +type TcAttachInfo struct { + // Selector to determine the network interface (or interfaces) + InterfaceSelector InterfaceSelector `json:"interfaceSelector"` + + // Containers identifies the set of containers in which to attach the eBPF + // program. + Containers ContainerSelector `json:"containers"` + + // Direction specifies the direction of traffic the tc program should + // attach to for a given network device. + // +kubebuilder:validation:Enum=ingress;egress + Direction string `json:"direction"` + + // Priority specifies the priority of the tc program in relation to + // other programs of the same type with the same attach point. It is a value + // from 0 to 1000 where lower values have higher precedence. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=1000 + Priority int32 `json:"priority"` + + // ProceedOn allows the user to call other tc programs in chain on this exit code. + // Multiple values are supported by repeating the parameter. + // +optional + // +kubebuilder:validation:MaxItems=11 + // +kubebuilder:default:={pipe,dispatcher_return} + ProceedOn []TcProceedOnValue `json:"proceedOn"` +} + +type TcProgramInfoState struct { + // List of attach points for the BPF program on the given node. Each entry + // in *AttachInfoState represents a specific, unique attach point that is + // derived from *AttachInfo by fully expanding any selectors. Each entry + // also contains information about the attach point required by the + // reconciler + // +optional + // +kubebuilder:default:={} + Links []TcAttachInfoState `json:"links"` +} + +type TcAttachInfoState struct { + AttachInfoStateCommon `json:",inline"` + + // Interface name to attach the tc program to. + IfName string `json:"ifName"` + + // Container pid to attach the tc program in. + ContainerPid int32 `json:"containerPid"` + + // Direction specifies the direction of traffic the tc program should + // attach to for a given network device. + // +kubebuilder:validation:Enum=ingress;egress + Direction string `json:"direction"` + + // Priority specifies the priority of the tc program in relation to + // other programs of the same type with the same attach point. It is a value + // from 0 to 1000 where lower values have higher precedence. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=1000 + Priority int32 `json:"priority"` + + // ProceedOn allows the user to call other tc programs in chain on this exit code. + // Multiple values are supported by repeating the parameter. + // +kubebuilder:validation:MaxItems=11 + ProceedOn []TcProceedOnValue `json:"proceedOn"` +} diff --git a/bpfman-operator/apis/v1alpha1/tcx_program_types.go b/bpfman-operator/apis/v1alpha1/tcx_program_types.go new file mode 100644 index 00000000000..d1619bb8f51 --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/tcx_program_types.go @@ -0,0 +1,82 @@ +/* +Copyright 2024 The bpfman Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +// TcxProgramInfo defines the tcx program details +type TcxProgramInfo struct { + // The list of points to which the program should be attached. The list items + // are optional and may be udated after the bpf program has been loaded + // +optional + // +kubebuilder:default:={} + Links []TcxAttachInfo `json:"links"` +} + +type TcxAttachInfo struct { + // Selector to determine the network interface (or interfaces) + InterfaceSelector InterfaceSelector `json:"interfaceSelector"` + + // Containers identifies the set of containers in which to attach the eBPF + // program. + Containers ContainerSelector `json:"containers"` + + // Direction specifies the direction of traffic the tcx program should + // attach to for a given network device. + // +kubebuilder:validation:Enum=ingress;egress + Direction string `json:"direction"` + + // Priority specifies the priority of the tcx program in relation to + // other programs of the same type with the same attach point. It is a value + // from 0 to 1000 where lower values have higher precedence. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=1000 + Priority int32 `json:"priority"` +} + +type TcxProgramInfoState struct { + // List of attach points for the BPF program on the given node. Each entry + // in *AttachInfoState represents a specific, unique attach point that is + // derived from *AttachInfo by fully expanding any selectors. Each entry + // also contains information about the attach point required by the + // reconciler + // +optional + // +kubebuilder:default:={} + Links []TcxAttachInfoState `json:"links"` +} + +type TcxAttachInfoState struct { + AttachInfoStateCommon `json:",inline"` + + // Interface name to attach the tcx program to. + IfName string `json:"ifName"` + + // Container pid to attach the tcx program in. + ContainerPid int32 `json:"containerPid"` + + // Direction specifies the direction of traffic the tcx program should + // attach to for a given network device. + // +kubebuilder:validation:Enum=ingress;egress + Direction string `json:"direction"` + + // Priority specifies the priority of the tcx program in relation to + // other programs of the same type with the same attach point. It is a value + // from 0 to 1000 where lower values have higher precedence. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=1000 + Priority int32 `json:"priority"` +} diff --git a/bpfman-operator/apis/v1alpha1/uprobe_program_types.go b/bpfman-operator/apis/v1alpha1/uprobe_program_types.go new file mode 100644 index 00000000000..2e001516883 --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/uprobe_program_types.go @@ -0,0 +1,87 @@ +/* +Copyright 2024 The bpfman Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +// UprobeProgramInfo contains the information for the uprobe program +type UprobeProgramInfo struct { + // The list of points to which the program should be attached. The list items + // are optional and may be udated after the bpf program has been loaded + // +optional + // +kubebuilder:default:={} + Links []UprobeAttachInfo `json:"links"` +} + +type UprobeAttachInfo struct { + // Function to attach the uprobe to. + // +optional + Function string `json:"function"` + + // Offset added to the address of the function for uprobe. + // +optional + // +kubebuilder:default:=0 + Offset uint64 `json:"offset"` + + // Library name or the absolute path to a binary or library. + Target string `json:"target"` + + // Only execute uprobe for given process identification number (PID). If PID + // is not provided, uprobe executes for all PIDs. + // +optional + Pid *int32 `json:"pid"` + + // Containers identifies the set of containers in which to attach the + // uprobe. + Containers ContainerSelector `json:"containers"` +} + +type UprobeProgramInfoState struct { + // List of attach points for the BPF program on the given node. Each entry + // in *AttachInfoState represents a specific, unique attach point that is + // derived from *AttachInfo by fully expanding any selectors. Each entry + // also contains information about the attach point required by the + // reconciler + // +optional + // +kubebuilder:default:={} + Links []UprobeAttachInfoState `json:"links"` +} + +type UprobeAttachInfoState struct { + AttachInfoStateCommon `json:",inline"` + + // Function to attach the uprobe to. + // +optional + Function string `json:"function"` + + // Offset added to the address of the function for uprobe. + // +optional + // +kubebuilder:default:=0 + Offset uint64 `json:"offset"` + + // Library name or the absolute path to a binary or library. + Target string `json:"target"` + + // Only execute uprobe for given process identification number (PID). If PID + // is not provided, uprobe executes for all PIDs. + // +optional + Pid *int32 `json:"pid"` + + // Container pid to attach the uprobe program in. + // +optional + ContainerPid int32 `json:"containerPid"` +} diff --git a/bpfman-operator/apis/v1alpha1/xdp_program_types.go b/bpfman-operator/apis/v1alpha1/xdp_program_types.go new file mode 100644 index 00000000000..01c436e9fa8 --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/xdp_program_types.go @@ -0,0 +1,84 @@ +/* +Copyright 2024 The bpfman Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +// XdpProgramInfo contains the xdp program details +type XdpProgramInfo struct { + // The list of points to which the program should be attached. The list items + // are optional and may be udated after the bpf program has been loaded + // +optional + // +kubebuilder:default:={} + Links []XdpAttachInfo `json:"links"` +} + +type XdpAttachInfo struct { + // Selector to determine the network interface (or interfaces) + InterfaceSelector InterfaceSelector `json:"interfaceSelector"` + + // Containers identifies the set of containers in which to attach the eBPF + // program. + Containers ContainerSelector `json:"containers"` + + // Priority specifies the priority of the bpf program in relation to + // other programs of the same type with the same attach point. It is a value + // from 0 to 1000 where lower values have higher precedence. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=1000 + Priority int32 `json:"priority"` + + // ProceedOn allows the user to call other xdp programs in chain on this exit code. + // Multiple values are supported by repeating the parameter. + // +optional + // +kubebuilder:validation:MaxItems=6 + // +kubebuilder:default:={pass,dispatcher_return} + ProceedOn []XdpProceedOnValue `json:"proceedOn"` +} + +type XdpProgramInfoState struct { + // List of attach points for the BPF program on the given node. Each entry + // in *AttachInfoState represents a specific, unique attach point that is + // derived from *AttachInfo by fully expanding any selectors. Each entry + // also contains information about the attach point required by the + // reconciler + // +optional + // +kubebuilder:default:={} + Links []XdpAttachInfoState `json:"links"` +} + +type XdpAttachInfoState struct { + AttachInfoStateCommon `json:",inline"` + + // Interface name to attach the xdp program to. + IfName string `json:"ifName"` + + // Container pid to attach the xdp program in. + ContainerPid int32 `json:"containerPid"` + + // Priority specifies the priority of the xdp program in relation to + // other programs of the same type with the same attach point. It is a value + // from 0 to 1000 where lower values have higher precedence. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=1000 + Priority int32 `json:"priority"` + + // ProceedOn allows the user to call other xdp programs in chain on this exit code. + // Multiple values are supported by repeating the parameter. + // +kubebuilder:validation:MaxItems=6 + ProceedOn []XdpProceedOnValue `json:"proceedOn"` +} diff --git a/bpfman-operator/apis/v1alpha1/zz_generated.deepcopy.go b/bpfman-operator/apis/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 00000000000..788869da38e --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,1839 @@ +//go:build !ignore_autogenerated + +/* +Copyright 2025 The bpfman Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AttachInfoStateCommon) DeepCopyInto(out *AttachInfoStateCommon) { + *out = *in + if in.LinkId != nil { + in, out := &in.LinkId, &out.LinkId + *out = new(uint32) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttachInfoStateCommon. +func (in *AttachInfoStateCommon) DeepCopy() *AttachInfoStateCommon { + if in == nil { + return nil + } + out := new(AttachInfoStateCommon) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfAppCommon) DeepCopyInto(out *BpfAppCommon) { + *out = *in + in.NodeSelector.DeepCopyInto(&out.NodeSelector) + if in.GlobalData != nil { + in, out := &in.GlobalData, &out.GlobalData + *out = make(map[string][]byte, len(*in)) + for key, val := range *in { + var outVal []byte + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = make([]byte, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + in.ByteCode.DeepCopyInto(&out.ByteCode) + if in.MapOwnerSelector != nil { + in, out := &in.MapOwnerSelector, &out.MapOwnerSelector + *out = new(v1.LabelSelector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfAppCommon. +func (in *BpfAppCommon) DeepCopy() *BpfAppCommon { + if in == nil { + return nil + } + out := new(BpfAppCommon) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfAppStatus) DeepCopyInto(out *BpfAppStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfAppStatus. +func (in *BpfAppStatus) DeepCopy() *BpfAppStatus { + if in == nil { + return nil + } + out := new(BpfAppStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfApplication) DeepCopyInto(out *BpfApplication) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfApplication. +func (in *BpfApplication) DeepCopy() *BpfApplication { + if in == nil { + return nil + } + out := new(BpfApplication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BpfApplication) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfApplicationList) DeepCopyInto(out *BpfApplicationList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]BpfApplication, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfApplicationList. +func (in *BpfApplicationList) DeepCopy() *BpfApplicationList { + if in == nil { + return nil + } + out := new(BpfApplicationList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BpfApplicationList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfApplicationProgram) DeepCopyInto(out *BpfApplicationProgram) { + *out = *in + if in.XDPInfo != nil { + in, out := &in.XDPInfo, &out.XDPInfo + *out = new(XdpProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.TCInfo != nil { + in, out := &in.TCInfo, &out.TCInfo + *out = new(TcProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.TCXInfo != nil { + in, out := &in.TCXInfo, &out.TCXInfo + *out = new(TcxProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.UprobeInfo != nil { + in, out := &in.UprobeInfo, &out.UprobeInfo + *out = new(UprobeProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.UretprobeInfo != nil { + in, out := &in.UretprobeInfo, &out.UretprobeInfo + *out = new(UprobeProgramInfo) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfApplicationProgram. +func (in *BpfApplicationProgram) DeepCopy() *BpfApplicationProgram { + if in == nil { + return nil + } + out := new(BpfApplicationProgram) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfApplicationProgramState) DeepCopyInto(out *BpfApplicationProgramState) { + *out = *in + in.BpfProgramStateCommon.DeepCopyInto(&out.BpfProgramStateCommon) + if in.XDPInfo != nil { + in, out := &in.XDPInfo, &out.XDPInfo + *out = new(XdpProgramInfoState) + (*in).DeepCopyInto(*out) + } + if in.TCInfo != nil { + in, out := &in.TCInfo, &out.TCInfo + *out = new(TcProgramInfoState) + (*in).DeepCopyInto(*out) + } + if in.TCXInfo != nil { + in, out := &in.TCXInfo, &out.TCXInfo + *out = new(TcxProgramInfoState) + (*in).DeepCopyInto(*out) + } + if in.UprobeInfo != nil { + in, out := &in.UprobeInfo, &out.UprobeInfo + *out = new(UprobeProgramInfoState) + (*in).DeepCopyInto(*out) + } + if in.UretprobeInfo != nil { + in, out := &in.UretprobeInfo, &out.UretprobeInfo + *out = new(UprobeProgramInfoState) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfApplicationProgramState. +func (in *BpfApplicationProgramState) DeepCopy() *BpfApplicationProgramState { + if in == nil { + return nil + } + out := new(BpfApplicationProgramState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfApplicationSpec) DeepCopyInto(out *BpfApplicationSpec) { + *out = *in + in.BpfAppCommon.DeepCopyInto(&out.BpfAppCommon) + if in.Programs != nil { + in, out := &in.Programs, &out.Programs + *out = make([]BpfApplicationProgram, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfApplicationSpec. +func (in *BpfApplicationSpec) DeepCopy() *BpfApplicationSpec { + if in == nil { + return nil + } + out := new(BpfApplicationSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfApplicationState) DeepCopyInto(out *BpfApplicationState) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfApplicationState. +func (in *BpfApplicationState) DeepCopy() *BpfApplicationState { + if in == nil { + return nil + } + out := new(BpfApplicationState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BpfApplicationState) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfApplicationStateList) DeepCopyInto(out *BpfApplicationStateList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]BpfApplicationState, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfApplicationStateList. +func (in *BpfApplicationStateList) DeepCopy() *BpfApplicationStateList { + if in == nil { + return nil + } + out := new(BpfApplicationStateList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BpfApplicationStateList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfApplicationStateSpec) DeepCopyInto(out *BpfApplicationStateSpec) { + *out = *in + if in.Programs != nil { + in, out := &in.Programs, &out.Programs + *out = make([]BpfApplicationProgramState, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfApplicationStateSpec. +func (in *BpfApplicationStateSpec) DeepCopy() *BpfApplicationStateSpec { + if in == nil { + return nil + } + out := new(BpfApplicationStateSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfProgramStateCommon) DeepCopyInto(out *BpfProgramStateCommon) { + *out = *in + if in.ProgramId != nil { + in, out := &in.ProgramId, &out.ProgramId + *out = new(uint32) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfProgramStateCommon. +func (in *BpfProgramStateCommon) DeepCopy() *BpfProgramStateCommon { + if in == nil { + return nil + } + out := new(BpfProgramStateCommon) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ByteCodeImage) DeepCopyInto(out *ByteCodeImage) { + *out = *in + if in.ImagePullSecret != nil { + in, out := &in.ImagePullSecret, &out.ImagePullSecret + *out = new(ImagePullSecretSelector) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ByteCodeImage. +func (in *ByteCodeImage) DeepCopy() *ByteCodeImage { + if in == nil { + return nil + } + out := new(ByteCodeImage) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ByteCodeSelector) DeepCopyInto(out *ByteCodeSelector) { + *out = *in + if in.Image != nil { + in, out := &in.Image, &out.Image + *out = new(ByteCodeImage) + (*in).DeepCopyInto(*out) + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ByteCodeSelector. +func (in *ByteCodeSelector) DeepCopy() *ByteCodeSelector { + if in == nil { + return nil + } + out := new(ByteCodeSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClBpfApplicationProgram) DeepCopyInto(out *ClBpfApplicationProgram) { + *out = *in + if in.XDPInfo != nil { + in, out := &in.XDPInfo, &out.XDPInfo + *out = new(ClXdpProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.TCInfo != nil { + in, out := &in.TCInfo, &out.TCInfo + *out = new(ClTcProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.TCXInfo != nil { + in, out := &in.TCXInfo, &out.TCXInfo + *out = new(ClTcxProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.FentryInfo != nil { + in, out := &in.FentryInfo, &out.FentryInfo + *out = new(ClFentryProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.FexitInfo != nil { + in, out := &in.FexitInfo, &out.FexitInfo + *out = new(ClFexitProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.KprobeInfo != nil { + in, out := &in.KprobeInfo, &out.KprobeInfo + *out = new(ClKprobeProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.KretprobeInfo != nil { + in, out := &in.KretprobeInfo, &out.KretprobeInfo + *out = new(ClKprobeProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.UprobeInfo != nil { + in, out := &in.UprobeInfo, &out.UprobeInfo + *out = new(ClUprobeProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.UretprobeInfo != nil { + in, out := &in.UretprobeInfo, &out.UretprobeInfo + *out = new(ClUprobeProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.TracepointInfo != nil { + in, out := &in.TracepointInfo, &out.TracepointInfo + *out = new(ClTracepointProgramInfo) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClBpfApplicationProgram. +func (in *ClBpfApplicationProgram) DeepCopy() *ClBpfApplicationProgram { + if in == nil { + return nil + } + out := new(ClBpfApplicationProgram) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClBpfApplicationProgramState) DeepCopyInto(out *ClBpfApplicationProgramState) { + *out = *in + in.BpfProgramStateCommon.DeepCopyInto(&out.BpfProgramStateCommon) + if in.XDPInfo != nil { + in, out := &in.XDPInfo, &out.XDPInfo + *out = new(ClXdpProgramInfoState) + (*in).DeepCopyInto(*out) + } + if in.TCInfo != nil { + in, out := &in.TCInfo, &out.TCInfo + *out = new(ClTcProgramInfoState) + (*in).DeepCopyInto(*out) + } + if in.TCXInfo != nil { + in, out := &in.TCXInfo, &out.TCXInfo + *out = new(ClTcxProgramInfoState) + (*in).DeepCopyInto(*out) + } + if in.FentryInfo != nil { + in, out := &in.FentryInfo, &out.FentryInfo + *out = new(ClFentryProgramInfoState) + (*in).DeepCopyInto(*out) + } + if in.FexitInfo != nil { + in, out := &in.FexitInfo, &out.FexitInfo + *out = new(ClFexitProgramInfoState) + (*in).DeepCopyInto(*out) + } + if in.KprobeInfo != nil { + in, out := &in.KprobeInfo, &out.KprobeInfo + *out = new(ClKprobeProgramInfoState) + (*in).DeepCopyInto(*out) + } + if in.KretprobeInfo != nil { + in, out := &in.KretprobeInfo, &out.KretprobeInfo + *out = new(ClKprobeProgramInfoState) + (*in).DeepCopyInto(*out) + } + if in.UprobeInfo != nil { + in, out := &in.UprobeInfo, &out.UprobeInfo + *out = new(ClUprobeProgramInfoState) + (*in).DeepCopyInto(*out) + } + if in.UretprobeInfo != nil { + in, out := &in.UretprobeInfo, &out.UretprobeInfo + *out = new(ClUprobeProgramInfoState) + (*in).DeepCopyInto(*out) + } + if in.TracepointInfo != nil { + in, out := &in.TracepointInfo, &out.TracepointInfo + *out = new(ClTracepointProgramInfoState) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClBpfApplicationProgramState. +func (in *ClBpfApplicationProgramState) DeepCopy() *ClBpfApplicationProgramState { + if in == nil { + return nil + } + out := new(ClBpfApplicationProgramState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClBpfApplicationSpec) DeepCopyInto(out *ClBpfApplicationSpec) { + *out = *in + in.BpfAppCommon.DeepCopyInto(&out.BpfAppCommon) + if in.Programs != nil { + in, out := &in.Programs, &out.Programs + *out = make([]ClBpfApplicationProgram, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClBpfApplicationSpec. +func (in *ClBpfApplicationSpec) DeepCopy() *ClBpfApplicationSpec { + if in == nil { + return nil + } + out := new(ClBpfApplicationSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClBpfApplicationStateSpec) DeepCopyInto(out *ClBpfApplicationStateSpec) { + *out = *in + if in.Programs != nil { + in, out := &in.Programs, &out.Programs + *out = make([]ClBpfApplicationProgramState, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClBpfApplicationStateSpec. +func (in *ClBpfApplicationStateSpec) DeepCopy() *ClBpfApplicationStateSpec { + if in == nil { + return nil + } + out := new(ClBpfApplicationStateSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClContainerSelector) DeepCopyInto(out *ClContainerSelector) { + *out = *in + in.Pods.DeepCopyInto(&out.Pods) + if in.ContainerNames != nil { + in, out := &in.ContainerNames, &out.ContainerNames + *out = new([]string) + if **in != nil { + in, out := *in, *out + *out = make([]string, len(*in)) + copy(*out, *in) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClContainerSelector. +func (in *ClContainerSelector) DeepCopy() *ClContainerSelector { + if in == nil { + return nil + } + out := new(ClContainerSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClFentryAttachInfo) DeepCopyInto(out *ClFentryAttachInfo) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClFentryAttachInfo. +func (in *ClFentryAttachInfo) DeepCopy() *ClFentryAttachInfo { + if in == nil { + return nil + } + out := new(ClFentryAttachInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClFentryAttachInfoState) DeepCopyInto(out *ClFentryAttachInfoState) { + *out = *in + in.AttachInfoStateCommon.DeepCopyInto(&out.AttachInfoStateCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClFentryAttachInfoState. +func (in *ClFentryAttachInfoState) DeepCopy() *ClFentryAttachInfoState { + if in == nil { + return nil + } + out := new(ClFentryAttachInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClFentryLoadInfo) DeepCopyInto(out *ClFentryLoadInfo) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClFentryLoadInfo. +func (in *ClFentryLoadInfo) DeepCopy() *ClFentryLoadInfo { + if in == nil { + return nil + } + out := new(ClFentryLoadInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClFentryProgramInfo) DeepCopyInto(out *ClFentryProgramInfo) { + *out = *in + out.ClFentryLoadInfo = in.ClFentryLoadInfo + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]ClFentryAttachInfo, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClFentryProgramInfo. +func (in *ClFentryProgramInfo) DeepCopy() *ClFentryProgramInfo { + if in == nil { + return nil + } + out := new(ClFentryProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClFentryProgramInfoState) DeepCopyInto(out *ClFentryProgramInfoState) { + *out = *in + out.ClFentryLoadInfo = in.ClFentryLoadInfo + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]ClFentryAttachInfoState, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClFentryProgramInfoState. +func (in *ClFentryProgramInfoState) DeepCopy() *ClFentryProgramInfoState { + if in == nil { + return nil + } + out := new(ClFentryProgramInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClFexitAttachInfo) DeepCopyInto(out *ClFexitAttachInfo) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClFexitAttachInfo. +func (in *ClFexitAttachInfo) DeepCopy() *ClFexitAttachInfo { + if in == nil { + return nil + } + out := new(ClFexitAttachInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClFexitAttachInfoState) DeepCopyInto(out *ClFexitAttachInfoState) { + *out = *in + in.AttachInfoStateCommon.DeepCopyInto(&out.AttachInfoStateCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClFexitAttachInfoState. +func (in *ClFexitAttachInfoState) DeepCopy() *ClFexitAttachInfoState { + if in == nil { + return nil + } + out := new(ClFexitAttachInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClFexitLoadInfo) DeepCopyInto(out *ClFexitLoadInfo) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClFexitLoadInfo. +func (in *ClFexitLoadInfo) DeepCopy() *ClFexitLoadInfo { + if in == nil { + return nil + } + out := new(ClFexitLoadInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClFexitProgramInfo) DeepCopyInto(out *ClFexitProgramInfo) { + *out = *in + out.ClFexitLoadInfo = in.ClFexitLoadInfo + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]ClFexitAttachInfo, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClFexitProgramInfo. +func (in *ClFexitProgramInfo) DeepCopy() *ClFexitProgramInfo { + if in == nil { + return nil + } + out := new(ClFexitProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClFexitProgramInfoState) DeepCopyInto(out *ClFexitProgramInfoState) { + *out = *in + out.ClFexitLoadInfo = in.ClFexitLoadInfo + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]ClFexitAttachInfoState, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClFexitProgramInfoState. +func (in *ClFexitProgramInfoState) DeepCopy() *ClFexitProgramInfoState { + if in == nil { + return nil + } + out := new(ClFexitProgramInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClKprobeAttachInfo) DeepCopyInto(out *ClKprobeAttachInfo) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClKprobeAttachInfo. +func (in *ClKprobeAttachInfo) DeepCopy() *ClKprobeAttachInfo { + if in == nil { + return nil + } + out := new(ClKprobeAttachInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClKprobeAttachInfoState) DeepCopyInto(out *ClKprobeAttachInfoState) { + *out = *in + in.AttachInfoStateCommon.DeepCopyInto(&out.AttachInfoStateCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClKprobeAttachInfoState. +func (in *ClKprobeAttachInfoState) DeepCopy() *ClKprobeAttachInfoState { + if in == nil { + return nil + } + out := new(ClKprobeAttachInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClKprobeProgramInfo) DeepCopyInto(out *ClKprobeProgramInfo) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]ClKprobeAttachInfo, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClKprobeProgramInfo. +func (in *ClKprobeProgramInfo) DeepCopy() *ClKprobeProgramInfo { + if in == nil { + return nil + } + out := new(ClKprobeProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClKprobeProgramInfoState) DeepCopyInto(out *ClKprobeProgramInfoState) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]ClKprobeAttachInfoState, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClKprobeProgramInfoState. +func (in *ClKprobeProgramInfoState) DeepCopy() *ClKprobeProgramInfoState { + if in == nil { + return nil + } + out := new(ClKprobeProgramInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClTcAttachInfo) DeepCopyInto(out *ClTcAttachInfo) { + *out = *in + in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) + if in.Containers != nil { + in, out := &in.Containers, &out.Containers + *out = new(ClContainerSelector) + (*in).DeepCopyInto(*out) + } + if in.ProceedOn != nil { + in, out := &in.ProceedOn, &out.ProceedOn + *out = make([]TcProceedOnValue, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClTcAttachInfo. +func (in *ClTcAttachInfo) DeepCopy() *ClTcAttachInfo { + if in == nil { + return nil + } + out := new(ClTcAttachInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClTcAttachInfoState) DeepCopyInto(out *ClTcAttachInfoState) { + *out = *in + in.AttachInfoStateCommon.DeepCopyInto(&out.AttachInfoStateCommon) + if in.ContainerPid != nil { + in, out := &in.ContainerPid, &out.ContainerPid + *out = new(int32) + **out = **in + } + if in.ProceedOn != nil { + in, out := &in.ProceedOn, &out.ProceedOn + *out = make([]TcProceedOnValue, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClTcAttachInfoState. +func (in *ClTcAttachInfoState) DeepCopy() *ClTcAttachInfoState { + if in == nil { + return nil + } + out := new(ClTcAttachInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClTcProgramInfo) DeepCopyInto(out *ClTcProgramInfo) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]ClTcAttachInfo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClTcProgramInfo. +func (in *ClTcProgramInfo) DeepCopy() *ClTcProgramInfo { + if in == nil { + return nil + } + out := new(ClTcProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClTcProgramInfoState) DeepCopyInto(out *ClTcProgramInfoState) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]ClTcAttachInfoState, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClTcProgramInfoState. +func (in *ClTcProgramInfoState) DeepCopy() *ClTcProgramInfoState { + if in == nil { + return nil + } + out := new(ClTcProgramInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClTcxAttachInfo) DeepCopyInto(out *ClTcxAttachInfo) { + *out = *in + in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) + if in.Containers != nil { + in, out := &in.Containers, &out.Containers + *out = new(ClContainerSelector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClTcxAttachInfo. +func (in *ClTcxAttachInfo) DeepCopy() *ClTcxAttachInfo { + if in == nil { + return nil + } + out := new(ClTcxAttachInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClTcxAttachInfoState) DeepCopyInto(out *ClTcxAttachInfoState) { + *out = *in + in.AttachInfoStateCommon.DeepCopyInto(&out.AttachInfoStateCommon) + if in.ContainerPid != nil { + in, out := &in.ContainerPid, &out.ContainerPid + *out = new(int32) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClTcxAttachInfoState. +func (in *ClTcxAttachInfoState) DeepCopy() *ClTcxAttachInfoState { + if in == nil { + return nil + } + out := new(ClTcxAttachInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClTcxProgramInfo) DeepCopyInto(out *ClTcxProgramInfo) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]ClTcxAttachInfo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClTcxProgramInfo. +func (in *ClTcxProgramInfo) DeepCopy() *ClTcxProgramInfo { + if in == nil { + return nil + } + out := new(ClTcxProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClTcxProgramInfoState) DeepCopyInto(out *ClTcxProgramInfoState) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]ClTcxAttachInfoState, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClTcxProgramInfoState. +func (in *ClTcxProgramInfoState) DeepCopy() *ClTcxProgramInfoState { + if in == nil { + return nil + } + out := new(ClTcxProgramInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClTracepointAttachInfo) DeepCopyInto(out *ClTracepointAttachInfo) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClTracepointAttachInfo. +func (in *ClTracepointAttachInfo) DeepCopy() *ClTracepointAttachInfo { + if in == nil { + return nil + } + out := new(ClTracepointAttachInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClTracepointAttachInfoState) DeepCopyInto(out *ClTracepointAttachInfoState) { + *out = *in + in.AttachInfoStateCommon.DeepCopyInto(&out.AttachInfoStateCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClTracepointAttachInfoState. +func (in *ClTracepointAttachInfoState) DeepCopy() *ClTracepointAttachInfoState { + if in == nil { + return nil + } + out := new(ClTracepointAttachInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClTracepointProgramInfo) DeepCopyInto(out *ClTracepointProgramInfo) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]ClTracepointAttachInfo, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClTracepointProgramInfo. +func (in *ClTracepointProgramInfo) DeepCopy() *ClTracepointProgramInfo { + if in == nil { + return nil + } + out := new(ClTracepointProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClTracepointProgramInfoState) DeepCopyInto(out *ClTracepointProgramInfoState) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]ClTracepointAttachInfoState, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClTracepointProgramInfoState. +func (in *ClTracepointProgramInfoState) DeepCopy() *ClTracepointProgramInfoState { + if in == nil { + return nil + } + out := new(ClTracepointProgramInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClUprobeAttachInfo) DeepCopyInto(out *ClUprobeAttachInfo) { + *out = *in + if in.Pid != nil { + in, out := &in.Pid, &out.Pid + *out = new(int32) + **out = **in + } + if in.Containers != nil { + in, out := &in.Containers, &out.Containers + *out = new(ClContainerSelector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClUprobeAttachInfo. +func (in *ClUprobeAttachInfo) DeepCopy() *ClUprobeAttachInfo { + if in == nil { + return nil + } + out := new(ClUprobeAttachInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClUprobeAttachInfoState) DeepCopyInto(out *ClUprobeAttachInfoState) { + *out = *in + in.AttachInfoStateCommon.DeepCopyInto(&out.AttachInfoStateCommon) + if in.Pid != nil { + in, out := &in.Pid, &out.Pid + *out = new(int32) + **out = **in + } + if in.ContainerPid != nil { + in, out := &in.ContainerPid, &out.ContainerPid + *out = new(int32) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClUprobeAttachInfoState. +func (in *ClUprobeAttachInfoState) DeepCopy() *ClUprobeAttachInfoState { + if in == nil { + return nil + } + out := new(ClUprobeAttachInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClUprobeProgramInfo) DeepCopyInto(out *ClUprobeProgramInfo) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]ClUprobeAttachInfo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClUprobeProgramInfo. +func (in *ClUprobeProgramInfo) DeepCopy() *ClUprobeProgramInfo { + if in == nil { + return nil + } + out := new(ClUprobeProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClUprobeProgramInfoState) DeepCopyInto(out *ClUprobeProgramInfoState) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]ClUprobeAttachInfoState, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClUprobeProgramInfoState. +func (in *ClUprobeProgramInfoState) DeepCopy() *ClUprobeProgramInfoState { + if in == nil { + return nil + } + out := new(ClUprobeProgramInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClXdpAttachInfo) DeepCopyInto(out *ClXdpAttachInfo) { + *out = *in + in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) + if in.Containers != nil { + in, out := &in.Containers, &out.Containers + *out = new(ClContainerSelector) + (*in).DeepCopyInto(*out) + } + if in.ProceedOn != nil { + in, out := &in.ProceedOn, &out.ProceedOn + *out = make([]XdpProceedOnValue, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClXdpAttachInfo. +func (in *ClXdpAttachInfo) DeepCopy() *ClXdpAttachInfo { + if in == nil { + return nil + } + out := new(ClXdpAttachInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClXdpAttachInfoState) DeepCopyInto(out *ClXdpAttachInfoState) { + *out = *in + in.AttachInfoStateCommon.DeepCopyInto(&out.AttachInfoStateCommon) + if in.ContainerPid != nil { + in, out := &in.ContainerPid, &out.ContainerPid + *out = new(int32) + **out = **in + } + if in.ProceedOn != nil { + in, out := &in.ProceedOn, &out.ProceedOn + *out = make([]XdpProceedOnValue, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClXdpAttachInfoState. +func (in *ClXdpAttachInfoState) DeepCopy() *ClXdpAttachInfoState { + if in == nil { + return nil + } + out := new(ClXdpAttachInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClXdpProgramInfo) DeepCopyInto(out *ClXdpProgramInfo) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]ClXdpAttachInfo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClXdpProgramInfo. +func (in *ClXdpProgramInfo) DeepCopy() *ClXdpProgramInfo { + if in == nil { + return nil + } + out := new(ClXdpProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClXdpProgramInfoState) DeepCopyInto(out *ClXdpProgramInfoState) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]ClXdpAttachInfoState, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClXdpProgramInfoState. +func (in *ClXdpProgramInfoState) DeepCopy() *ClXdpProgramInfoState { + if in == nil { + return nil + } + out := new(ClXdpProgramInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterBpfApplication) DeepCopyInto(out *ClusterBpfApplication) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterBpfApplication. +func (in *ClusterBpfApplication) DeepCopy() *ClusterBpfApplication { + if in == nil { + return nil + } + out := new(ClusterBpfApplication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterBpfApplication) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterBpfApplicationList) DeepCopyInto(out *ClusterBpfApplicationList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClusterBpfApplication, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterBpfApplicationList. +func (in *ClusterBpfApplicationList) DeepCopy() *ClusterBpfApplicationList { + if in == nil { + return nil + } + out := new(ClusterBpfApplicationList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterBpfApplicationList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterBpfApplicationState) DeepCopyInto(out *ClusterBpfApplicationState) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterBpfApplicationState. +func (in *ClusterBpfApplicationState) DeepCopy() *ClusterBpfApplicationState { + if in == nil { + return nil + } + out := new(ClusterBpfApplicationState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterBpfApplicationState) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterBpfApplicationStateList) DeepCopyInto(out *ClusterBpfApplicationStateList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClusterBpfApplicationState, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterBpfApplicationStateList. +func (in *ClusterBpfApplicationStateList) DeepCopy() *ClusterBpfApplicationStateList { + if in == nil { + return nil + } + out := new(ClusterBpfApplicationStateList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterBpfApplicationStateList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ContainerSelector) DeepCopyInto(out *ContainerSelector) { + *out = *in + in.Pods.DeepCopyInto(&out.Pods) + if in.ContainerNames != nil { + in, out := &in.ContainerNames, &out.ContainerNames + *out = new([]string) + if **in != nil { + in, out := *in, *out + *out = make([]string, len(*in)) + copy(*out, *in) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerSelector. +func (in *ContainerSelector) DeepCopy() *ContainerSelector { + if in == nil { + return nil + } + out := new(ContainerSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImagePullSecretSelector) DeepCopyInto(out *ImagePullSecretSelector) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePullSecretSelector. +func (in *ImagePullSecretSelector) DeepCopy() *ImagePullSecretSelector { + if in == nil { + return nil + } + out := new(ImagePullSecretSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InterfaceSelector) DeepCopyInto(out *InterfaceSelector) { + *out = *in + if in.Interfaces != nil { + in, out := &in.Interfaces, &out.Interfaces + *out = new([]string) + if **in != nil { + in, out := *in, *out + *out = make([]string, len(*in)) + copy(*out, *in) + } + } + if in.PrimaryNodeInterface != nil { + in, out := &in.PrimaryNodeInterface, &out.PrimaryNodeInterface + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InterfaceSelector. +func (in *InterfaceSelector) DeepCopy() *InterfaceSelector { + if in == nil { + return nil + } + out := new(InterfaceSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TcAttachInfo) DeepCopyInto(out *TcAttachInfo) { + *out = *in + in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) + in.Containers.DeepCopyInto(&out.Containers) + if in.ProceedOn != nil { + in, out := &in.ProceedOn, &out.ProceedOn + *out = make([]TcProceedOnValue, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcAttachInfo. +func (in *TcAttachInfo) DeepCopy() *TcAttachInfo { + if in == nil { + return nil + } + out := new(TcAttachInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TcAttachInfoState) DeepCopyInto(out *TcAttachInfoState) { + *out = *in + in.AttachInfoStateCommon.DeepCopyInto(&out.AttachInfoStateCommon) + if in.ProceedOn != nil { + in, out := &in.ProceedOn, &out.ProceedOn + *out = make([]TcProceedOnValue, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcAttachInfoState. +func (in *TcAttachInfoState) DeepCopy() *TcAttachInfoState { + if in == nil { + return nil + } + out := new(TcAttachInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TcProgramInfo) DeepCopyInto(out *TcProgramInfo) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]TcAttachInfo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcProgramInfo. +func (in *TcProgramInfo) DeepCopy() *TcProgramInfo { + if in == nil { + return nil + } + out := new(TcProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TcProgramInfoState) DeepCopyInto(out *TcProgramInfoState) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]TcAttachInfoState, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcProgramInfoState. +func (in *TcProgramInfoState) DeepCopy() *TcProgramInfoState { + if in == nil { + return nil + } + out := new(TcProgramInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TcxAttachInfo) DeepCopyInto(out *TcxAttachInfo) { + *out = *in + in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) + in.Containers.DeepCopyInto(&out.Containers) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcxAttachInfo. +func (in *TcxAttachInfo) DeepCopy() *TcxAttachInfo { + if in == nil { + return nil + } + out := new(TcxAttachInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TcxAttachInfoState) DeepCopyInto(out *TcxAttachInfoState) { + *out = *in + in.AttachInfoStateCommon.DeepCopyInto(&out.AttachInfoStateCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcxAttachInfoState. +func (in *TcxAttachInfoState) DeepCopy() *TcxAttachInfoState { + if in == nil { + return nil + } + out := new(TcxAttachInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TcxProgramInfo) DeepCopyInto(out *TcxProgramInfo) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]TcxAttachInfo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcxProgramInfo. +func (in *TcxProgramInfo) DeepCopy() *TcxProgramInfo { + if in == nil { + return nil + } + out := new(TcxProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TcxProgramInfoState) DeepCopyInto(out *TcxProgramInfoState) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]TcxAttachInfoState, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcxProgramInfoState. +func (in *TcxProgramInfoState) DeepCopy() *TcxProgramInfoState { + if in == nil { + return nil + } + out := new(TcxProgramInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UprobeAttachInfo) DeepCopyInto(out *UprobeAttachInfo) { + *out = *in + if in.Pid != nil { + in, out := &in.Pid, &out.Pid + *out = new(int32) + **out = **in + } + in.Containers.DeepCopyInto(&out.Containers) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UprobeAttachInfo. +func (in *UprobeAttachInfo) DeepCopy() *UprobeAttachInfo { + if in == nil { + return nil + } + out := new(UprobeAttachInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UprobeAttachInfoState) DeepCopyInto(out *UprobeAttachInfoState) { + *out = *in + in.AttachInfoStateCommon.DeepCopyInto(&out.AttachInfoStateCommon) + if in.Pid != nil { + in, out := &in.Pid, &out.Pid + *out = new(int32) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UprobeAttachInfoState. +func (in *UprobeAttachInfoState) DeepCopy() *UprobeAttachInfoState { + if in == nil { + return nil + } + out := new(UprobeAttachInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UprobeProgramInfo) DeepCopyInto(out *UprobeProgramInfo) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]UprobeAttachInfo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UprobeProgramInfo. +func (in *UprobeProgramInfo) DeepCopy() *UprobeProgramInfo { + if in == nil { + return nil + } + out := new(UprobeProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UprobeProgramInfoState) DeepCopyInto(out *UprobeProgramInfoState) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]UprobeAttachInfoState, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UprobeProgramInfoState. +func (in *UprobeProgramInfoState) DeepCopy() *UprobeProgramInfoState { + if in == nil { + return nil + } + out := new(UprobeProgramInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *XdpAttachInfo) DeepCopyInto(out *XdpAttachInfo) { + *out = *in + in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) + in.Containers.DeepCopyInto(&out.Containers) + if in.ProceedOn != nil { + in, out := &in.ProceedOn, &out.ProceedOn + *out = make([]XdpProceedOnValue, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XdpAttachInfo. +func (in *XdpAttachInfo) DeepCopy() *XdpAttachInfo { + if in == nil { + return nil + } + out := new(XdpAttachInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *XdpAttachInfoState) DeepCopyInto(out *XdpAttachInfoState) { + *out = *in + in.AttachInfoStateCommon.DeepCopyInto(&out.AttachInfoStateCommon) + if in.ProceedOn != nil { + in, out := &in.ProceedOn, &out.ProceedOn + *out = make([]XdpProceedOnValue, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XdpAttachInfoState. +func (in *XdpAttachInfoState) DeepCopy() *XdpAttachInfoState { + if in == nil { + return nil + } + out := new(XdpAttachInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *XdpProgramInfo) DeepCopyInto(out *XdpProgramInfo) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]XdpAttachInfo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XdpProgramInfo. +func (in *XdpProgramInfo) DeepCopy() *XdpProgramInfo { + if in == nil { + return nil + } + out := new(XdpProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *XdpProgramInfoState) DeepCopyInto(out *XdpProgramInfoState) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]XdpAttachInfoState, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XdpProgramInfoState. +func (in *XdpProgramInfoState) DeepCopy() *XdpProgramInfoState { + if in == nil { + return nil + } + out := new(XdpProgramInfoState) + in.DeepCopyInto(out) + return out +} diff --git a/bpfman-operator/apis/v1alpha1/zz_generated.register.go b/bpfman-operator/apis/v1alpha1/zz_generated.register.go new file mode 100644 index 00000000000..8398936c140 --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/zz_generated.register.go @@ -0,0 +1,76 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright 2025 The bpfman Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by register-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +// GroupName specifies the group name used to register the objects. +const GroupName = "bpfman.io" + +// GroupVersion specifies the group and the version used to register the objects. +var GroupVersion = v1.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +// SchemeGroupVersion is group version used to register these objects +// Deprecated: use GroupVersion instead. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + // Deprecated: use Install instead + AddToScheme = localSchemeBuilder.AddToScheme + Install = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes) +} + +// Adds the list of known types to Scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &BpfApplication{}, + &BpfApplicationList{}, + &BpfApplicationState{}, + &BpfApplicationStateList{}, + &ClusterBpfApplication{}, + &ClusterBpfApplicationList{}, + &ClusterBpfApplicationState{}, + &ClusterBpfApplicationStateList{}, + ) + // AddToGroupVersion allows the serialization of client types like ListOptions. + v1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} From 78534fc07c71966570736087d95737168d7b26c5 Mon Sep 17 00:00:00 2001 From: Mohamed Mahmoud Date: Tue, 11 Mar 2025 15:23:21 -0400 Subject: [PATCH 02/15] Initial attempt to address userDoc, enum fmt Signed-off-by: Mohamed Mahmoud --- .../v1alpha1/bpf_application_state_types.go | 35 ++++++------ .../apis/v1alpha1/bpf_application_types.go | 31 +++++----- .../cluster_bpf_application_state_types.go | 56 +++++++++---------- .../v1alpha1/cluster_bpf_application_types.go | 52 ++++++++--------- .../v1alpha1/cluster_fentry_program_types.go | 2 +- .../v1alpha1/cluster_fexit_program_types.go | 2 +- .../v1alpha1/cluster_kprobe_program_types.go | 4 +- .../apis/v1alpha1/cluster_tc_program_types.go | 22 ++++---- .../v1alpha1/cluster_tcx_program_types.go | 20 +++---- .../cluster_tracepoint_program_types.go | 8 +-- .../v1alpha1/cluster_uprobe_program_types.go | 22 ++++---- .../v1alpha1/cluster_xdp_program_types.go | 22 ++++---- bpfman-operator/apis/v1alpha1/shared_types.go | 50 ++++++++--------- .../apis/v1alpha1/tc_program_types.go | 26 ++++----- .../apis/v1alpha1/tcx_program_types.go | 22 ++++---- .../apis/v1alpha1/uprobe_program_types.go | 24 ++++---- .../apis/v1alpha1/xdp_program_types.go | 20 +++---- 17 files changed, 210 insertions(+), 208 deletions(-) diff --git a/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go b/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go index cdfa0290b87..e18360add62 100644 --- a/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go +++ b/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go @@ -24,40 +24,41 @@ import ( // BpfApplicationProgramState defines the desired state of BpfApplication // +union -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'xdp' ? has(self.xdpInfo) : !has(self.xdpInfo)",message="xdpInfo configuration is required when type is xdp, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'tc' ? has(self.tcInfo) : !has(self.tcInfo)",message="tcInfo configuration is required when type is tc, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'tcx' ? has(self.tcxInfo) : !has(self.tcxInfo)",message="tcx configuration is required when type is TCtcxX, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'uprobe' ? has(self.uprobeInfo) : !has(self.uprobeInfo)",message="uprobe configuration is required when type is uprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'XDP' ? has(self.xdpInfo) : !has(self.xdpInfo)",message="xdpInfo configuration is required when type is xdp, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TC' ? has(self.tcInfo) : !has(self.tcInfo)",message="tcInfo configuration is required when type is tc, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TCX' ? has(self.tcxInfo) : !has(self.tcxInfo)",message="tcx configuration is required when type is TCX, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uprobe' ? has(self.uprobeInfo) : !has(self.uprobeInfo)",message="uprobe configuration is required when type is uprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UretProbe' ? has(self.uretprobeInfo) : !has(self.upretrobeInfo)",message="uretprobe configuration is required when type is uretprobe, and forbidden otherwise" type BpfApplicationProgramState struct { BpfProgramStateCommon `json:",inline"` - // Type specifies the bpf program type + // type specifies the bpf program type // +unionDiscriminator - // +kubebuilder:validation:Required - // +kubebuilder:validation:Enum:="xdp";"tc";"tcx";"uprobe";"uretprobe" - Type EBPFProgType `json:"type,omitempty"` + // +required + // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"Uprobe";"UretProbe" + Type EBPFProgType `json:"type"` - // xdp defines the desired state of the application's XdpPrograms. + // xdpInfo defines the desired state of the application's XdpPrograms. // +unionMember // +optional XDPInfo *XdpProgramInfoState `json:"xdpInfo,omitempty"` - // tc defines the desired state of the application's TcPrograms. + // tcInfo defines the desired state of the application's TcPrograms. // +unionMember // +optional TCInfo *TcProgramInfoState `json:"tcInfo,omitempty"` - // tcx defines the desired state of the application's TcxPrograms. + // tcxInfo defines the desired state of the application's TcxPrograms. // +unionMember // +optional TCXInfo *TcxProgramInfoState `json:"tcxInfo,omitempty"` - // uprobe defines the desired state of the application's UprobePrograms. + // uprobeInfo defines the desired state of the application's UprobePrograms. // +unionMember // +optional UprobeInfo *UprobeProgramInfoState `json:"uprobeInfo,omitempty"` - // uretprobe defines the desired state of the application's UretprobePrograms. + // uretprobeInfo defines the desired state of the application's UretprobePrograms. // +unionMember // +optional UretprobeInfo *UprobeProgramInfoState `json:"uretprobeInfo,omitempty"` @@ -65,17 +66,17 @@ type BpfApplicationProgramState struct { // BpfApplicationSpec defines the desired state of BpfApplication type BpfApplicationStateSpec struct { - // Node is the name of the node for this BpfApplicationStateSpec. + // node is the name of the node for this BpfApplicationStateSpec. Node string `json:"node"` - // The number of times the BpfApplicationState has been updated. Set to 1 + // updateCount is the number of times the BpfApplicationState has been updated. Set to 1 // when the object is created, then it is incremented prior to each update. // This allows us to verify that the API server has the updated object prior // to starting a new Reconcile operation. UpdateCount int64 `json:"updateCount"` - // AppLoadStatus reflects the status of loading the bpf application on the + // appLoadStatus reflects the status of loading the bpf application on the // given node. AppLoadStatus AppLoadStatus `json:"appLoadStatus"` - // Programs is a list of bpf programs contained in the parent application. + // programs is a list of bpf programs contained in the parent application. // It is a map from the bpf program name to BpfApplicationProgramState // elements. Programs []BpfApplicationProgramState `json:"programs,omitempty"` diff --git a/bpfman-operator/apis/v1alpha1/bpf_application_types.go b/bpfman-operator/apis/v1alpha1/bpf_application_types.go index 0af70180c62..6adfbcc6f69 100644 --- a/bpfman-operator/apis/v1alpha1/bpf_application_types.go +++ b/bpfman-operator/apis/v1alpha1/bpf_application_types.go @@ -22,42 +22,43 @@ import ( // BpfApplicationProgram defines the desired state of BpfApplication // +union -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'xdp' ? has(self.xdpInfo) : !has(self.xdpInfo)",message="xdpInfo configuration is required when type is xdp, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'tc' ? has(self.tcInfo) : !has(self.tcInfo)",message="tcInfo configuration is required when type is tc, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'tcx' ? has(self.tcxInfo) : !has(self.tcxInfo)",message="tcxInfo configuration is required when type is tcx, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'uprobe' ? has(self.uprobeInfo) : !has(self.uprobeInfo)",message="uprobeInfo configuration is required when type is uprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'XDP' ? has(self.xdpInfo) : !has(self.xdpInfo)",message="xdpInfo configuration is required when type is xdp, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TC' ? has(self.tcInfo) : !has(self.tcInfo)",message="tcInfo configuration is required when type is tc, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TCX' ? has(self.tcxInfo) : !has(self.tcxInfo)",message="tcxInfo configuration is required when type is tcx, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uprobe' ? has(self.uprobeInfo) : !has(self.uprobeInfo)",message="uprobeInfo configuration is required when type is uprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UretProbe' ? has(self.uretprobeInfo) : !has(self.upretrobeInfo)",message="uretprobe configuration is required when type is uretprobe, and forbidden otherwise" type BpfApplicationProgram struct { - // Name is the name of the function that is the entry point for the BPF + // name is the name of the function that is the entry point for the BPF // program Name string `json:"name"` - // Type specifies the bpf program type + // type specifies the bpf program type // +unionDiscriminator - // +kubebuilder:validation:Required - // +kubebuilder:validation:Enum:="xdp";"tc";"tcx";"uprobe";"uretprobe" - Type EBPFProgType `json:"type,omitempty"` + // +required + // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"Uprobe";"UretProbe" + Type EBPFProgType `json:"type"` - // xdp defines the desired state of the application's XdpPrograms. + // xdpInfo defines the desired state of the application's XdpPrograms. // +unionMember // +optional XDPInfo *XdpProgramInfo `json:"xdpInfo,omitempty"` - // tc defines the desired state of the application's TcPrograms. + // tcInfo defines the desired state of the application's TcPrograms. // +unionMember // +optional TCInfo *TcProgramInfo `json:"tcInfo,omitempty"` - // tcx defines the desired state of the application's TcxPrograms. + // tcxInfo defines the desired state of the application's TcxPrograms. // +unionMember // +optional TCXInfo *TcxProgramInfo `json:"tcxInfo,omitempty"` - // uprobe defines the desired state of the application's UprobePrograms. + // uprobeInfo defines the desired state of the application's UprobePrograms. // +unionMember // +optional UprobeInfo *UprobeProgramInfo `json:"uprobeInfo,omitempty"` - // uretprobe defines the desired state of the application's UretprobePrograms. + // uretprobeInfo defines the desired state of the application's UretprobePrograms. // +unionMember // +optional UretprobeInfo *UprobeProgramInfo `json:"uretprobeInfo,omitempty"` @@ -67,7 +68,7 @@ type BpfApplicationProgram struct { type BpfApplicationSpec struct { BpfAppCommon `json:",inline"` - // Programs is the list of bpf programs in the BpfApplication that should be + // programs is the list of bpf programs in the BpfApplication that should be // loaded. The application can selectively choose which program(s) to run // from this list based on the optional attach points provided. // +kubebuilder:validation:MinItems:=1 diff --git a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go index 7f987e9c249..2af434a39ca 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go @@ -24,71 +24,71 @@ import ( // ClBpfApplicationProgramState defines the desired state of BpfApplication // +union -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'xdp' ? has(self.xdpInfo) : !has(self.xdpInfo)",message="xdpInfo configuration is required when type is xdp, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'tc' ? has(self.tcInfo) : !has(self.tcInfo)",message="tcInfo configuration is required when type is tc, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'tcx' ? has(self.tcxInfo) : !has(self.tcxInfo)",message="tcxInfo configuration is required when type is tcx, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'fentry' ? has(self.fentryInfo) : !has(self.fentryInfo)",message="fentryInfo configuration is required when type is fentry, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'fexit' ? has(self.fexitInfo) : !has(self.fexitInfo)",message="fexitInfo configuration is required when type is fexit, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'kprobe' ? has(self.kprobeInfo) : !has(self.kprobeInfo)",message="kprobeInfo configuration is required when type is kprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'kretprobe' ? has(self.kretprobeInfo) : !has(self.kretprobeInfo)",message="kretprobeInfo configuration is required when type is kretprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'uprobe' ? has(self.uprobeInfo) : !has(self.uprobeInfo)",message="uprobeInfo configuration is required when type is uprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'uretprobe' ? has(self.uretprobeInfo) : !has(self.uretprobeInfo)",message="uretprobeInfo configuration is required when type is uretprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'tracepoint' ? has(self.tracepointInfo) : !has(self.tracepointInfo)",message="tracepointInfo configuration is required when type is tracepoint, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'XDP' ? has(self.xdpInfo) : !has(self.xdpInfo)",message="xdpInfo configuration is required when type is xdp, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TC' ? has(self.tcInfo) : !has(self.tcInfo)",message="tcInfo configuration is required when type is tc, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TCX' ? has(self.tcxInfo) : !has(self.tcxInfo)",message="tcxInfo configuration is required when type is tcx, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Fentry' ? has(self.fentryInfo) : !has(self.fentryInfo)",message="fentryInfo configuration is required when type is fentry, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Fexit' ? has(self.fexitInfo) : !has(self.fexitInfo)",message="fexitInfo configuration is required when type is fexit, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Kprobe' ? has(self.kprobeInfo) : !has(self.kprobeInfo)",message="kprobeInfo configuration is required when type is kprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'KretProbe' ? has(self.kretprobeInfo) : !has(self.kretprobeInfo)",message="kretprobeInfo configuration is required when type is kretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uprobe' ? has(self.uprobeInfo) : !has(self.uprobeInfo)",message="uprobeInfo configuration is required when type is uprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UretProbe' ? has(self.uretprobeInfo) : !has(self.uretprobeInfo)",message="uretprobeInfo configuration is required when type is uretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TracePoint' ? has(self.tracepointInfo) : !has(self.tracepointInfo)",message="tracepointInfo configuration is required when type is tracepoint, and forbidden otherwise" type ClBpfApplicationProgramState struct { BpfProgramStateCommon `json:",inline"` - // Type specifies the bpf program type + // type specifies the bpf program type // +unionDiscriminator - // +kubebuilder:validation:Required - // +kubebuilder:validation:Enum:="xdp";"tc";"tcx";"fentry";"fexit";"kprobe";"kretprobe";"uprobe";"uretprobe";"tracepoint" + // +required + // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"Fentry";"Fexit";"Kprobe";"KretProbe";"Uprobe";"UretProbe";"TracePoint" - Type EBPFProgType `json:"type,omitempty"` + Type EBPFProgType `json:"type"` - // xdp defines the desired state of the application's XdpPrograms. + // xdpInfo defines the desired state of the application's XdpPrograms. // +unionMember // +optional XDPInfo *ClXdpProgramInfoState `json:"xdpInfo,omitempty"` - // tc defines the desired state of the application's TcPrograms. + // tcInfo defines the desired state of the application's TcPrograms. // +unionMember // +optional TCInfo *ClTcProgramInfoState `json:"tcInfo,omitempty"` - // tcx defines the desired state of the application's TcxPrograms. + // tcxInfo defines the desired state of the application's TcxPrograms. // +unionMember // +optional TCXInfo *ClTcxProgramInfoState `json:"tcxInfo,omitempty"` - // fentry defines the desired state of the application's FentryPrograms. + // fentryInfo defines the desired state of the application's FentryPrograms. // +unionMember // +optional FentryInfo *ClFentryProgramInfoState `json:"fentryInfo,omitempty"` - // fexit defines the desired state of the application's FexitPrograms. + // fexitInfo defines the desired state of the application's FexitPrograms. // +unionMember // +optional FexitInfo *ClFexitProgramInfoState `json:"fexitInfo,omitempty"` - // kprobe defines the desired state of the application's KprobePrograms. + // kprobeInfo defines the desired state of the application's KprobePrograms. // +unionMember // +optional KprobeInfo *ClKprobeProgramInfoState `json:"kprobeInfo,omitempty"` - // kprobe defines the desired state of the application's KprobePrograms. + // kretprobeInfo defines the desired state of the application's KprobePrograms. // +unionMember // +optional KretprobeInfo *ClKprobeProgramInfoState `json:"kretprobeInfo,omitempty"` - // uprobe defines the desired state of the application's UprobePrograms. + // uprobeInfo defines the desired state of the application's UprobePrograms. // +unionMember // +optional UprobeInfo *ClUprobeProgramInfoState `json:"uprobeInfo,omitempty"` - // uretprobe defines the desired state of the application's UretprobePrograms. + // uretprobeInfo defines the desired state of the application's UretprobePrograms. // +unionMember // +optional UretprobeInfo *ClUprobeProgramInfoState `json:"uretprobeInfo,omitempty"` - // tracepoint defines the desired state of the application's TracepointPrograms. + // tracepointInfo defines the desired state of the application's TracepointPrograms. // +unionMember // +optional TracepointInfo *ClTracepointProgramInfoState `json:"tracepointInfo,omitempty"` @@ -96,17 +96,17 @@ type ClBpfApplicationProgramState struct { // BpfApplicationSpec defines the desired state of BpfApplication type ClBpfApplicationStateSpec struct { - // Node is the name of the node for this BpfApplicationStateSpec. + // node is the name of the node for this BpfApplicationStateSpec. Node string `json:"node"` - // The number of times the BpfApplicationState has been updated. Set to 1 + // updateCount is the number of times the BpfApplicationState has been updated. Set to 1 // when the object is created, then it is incremented prior to each update. // This allows us to verify that the API server has the updated object prior // to starting a new Reconcile operation. UpdateCount int64 `json:"updateCount"` - // AppLoadStatus reflects the status of loading the bpf application on the + // appLoadStatus reflects the status of loading the bpf application on the // given node. AppLoadStatus AppLoadStatus `json:"appLoadStatus"` - // Programs is a list of bpf programs contained in the parent application. + // programs is a list of bpf programs contained in the parent application. // It is a map from the bpf program name to BpfApplicationProgramState // elements. Programs []ClBpfApplicationProgramState `json:"programs,omitempty"` diff --git a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go index dda549c08c8..8048a0637a7 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go @@ -57,73 +57,73 @@ const ( // ClBpfApplicationProgram defines the desired state of BpfApplication // +union -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'xdp' ? has(self.xdpInfo) : !has(self.xdpInfo)",message="xdpInfo configuration is required when type is xdp, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'tc' ? has(self.tcInfo) : !has(self.tcInfo)",message="tcInfo configuration is required when type is tc, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'tcx' ? has(self.tcxInfo) : !has(self.tcxInfo)",message="tcxInfo configuration is required when type is tcx, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'fentry' ? has(self.fentryInfo) : !has(self.fentryInfo)",message="fentryInfo configuration is required when type is fentry, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'fexit' ? has(self.fexitInfo) : !has(self.fexitInfo)",message="fexitInfo configuration is required when type is fexit, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'kprobe' ? has(self.kprobeInfo) : !has(self.kprobeInfo)",message="kprobeInfo configuration is required when type is kprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'kretprobe' ? has(self.kretprobeInfo) : !has(self.kretprobeInfo)",message="kretprobeInfo configuration is required when type is kretprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'uprobe' ? has(self.uprobeInfo) : !has(self.uprobeInfo)",message="uprobeInfo configuration is required when type is uprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'uretprobe' ? has(self.uretprobeInfo) : !has(self.uretprobeInfo)",message="uretprobeInfo configuration is required when type is uretprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'tracepoint' ? has(self.tracepointInfo) : !has(self.tracepointInfo)",message="tracepointInfo configuration is required when type is tracepoint, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'XDP' ? has(self.xdpInfo) : !has(self.xdpInfo)",message="xdpInfo configuration is required when type is xdp, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TC' ? has(self.tcInfo) : !has(self.tcInfo)",message="tcInfo configuration is required when type is tc, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TCX' ? has(self.tcxInfo) : !has(self.tcxInfo)",message="tcxInfo configuration is required when type is tcx, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Fentry' ? has(self.fentryInfo) : !has(self.fentryInfo)",message="fentryInfo configuration is required when type is fentry, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Fexit' ? has(self.fexitInfo) : !has(self.fexitInfo)",message="fexitInfo configuration is required when type is fexit, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Kprobe' ? has(self.kprobeInfo) : !has(self.kprobeInfo)",message="kprobeInfo configuration is required when type is kprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'KretProbe' ? has(self.kretprobeInfo) : !has(self.kretprobeInfo)",message="kretprobeInfo configuration is required when type is kretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uprobe' ? has(self.uprobeInfo) : !has(self.uprobeInfo)",message="uprobeInfo configuration is required when type is uprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UretProbe' ? has(self.uretprobeInfo) : !has(self.uretprobeInfo)",message="uretprobeInfo configuration is required when type is uretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TracePoint' ? has(self.tracepointInfo) : !has(self.tracepointInfo)",message="tracepointInfo configuration is required when type is tracepoint, and forbidden otherwise" type ClBpfApplicationProgram struct { - // Name is the name of the function that is the entry point for the BPF + // name is the name of the function that is the entry point for the BPF // program Name string `json:"name"` - // Type specifies the bpf program type + // type specifies the bpf program type // +unionDiscriminator - // +kubebuilder:validation:Required - // +kubebuilder:validation:Enum:="xdp";"tc";"tcx";"fentry";"fexit";"kprobe";"kretprobe";"uprobe";"uretprobe";"tracepoint" - Type EBPFProgType `json:"type,omitempty"` + // +required + // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"Fentry";"Fexit";"Kprobe";"KretProbe";"Uprobe";"UretProbe";"TracePoint" + Type EBPFProgType `json:"type"` - // xdp defines the desired state of the application's XdpPrograms. + // xdpInfo defines the desired state of the application's XdpPrograms. // +unionMember // +optional XDPInfo *ClXdpProgramInfo `json:"xdpInfo,omitempty"` - // tc defines the desired state of the application's TcPrograms. + // tcInfo defines the desired state of the application's TcPrograms. // +unionMember // +optional TCInfo *ClTcProgramInfo `json:"tcInfo,omitempty"` - // tcx defines the desired state of the application's TcxPrograms. + // tcxInfo defines the desired state of the application's TcxPrograms. // +unionMember // +optional TCXInfo *ClTcxProgramInfo `json:"tcxInfo,omitempty"` - // fentry defines the desired state of the application's FentryPrograms. + // fentryInfo defines the desired state of the application's FentryPrograms. // +unionMember // +optional FentryInfo *ClFentryProgramInfo `json:"fentryInfo,omitempty"` - // fexit defines the desired state of the application's FexitPrograms. + // fexitInfo defines the desired state of the application's FexitPrograms. // +unionMember // +optional FexitInfo *ClFexitProgramInfo `json:"fexitInfo,omitempty"` - // kprobe defines the desired state of the application's KprobePrograms. + // kprobeInfo defines the desired state of the application's KprobePrograms. // +unionMember // +optional KprobeInfo *ClKprobeProgramInfo `json:"kprobeInfo,omitempty"` - // kretprobe defines the desired state of the application's KretprobePrograms. + // kretprobeInfo defines the desired state of the application's KretprobePrograms. // +unionMember // +optional KretprobeInfo *ClKprobeProgramInfo `json:"kretprobeInfo,omitempty"` - // uprobe defines the desired state of the application's UprobePrograms. + // uprobeInfo defines the desired state of the application's UprobePrograms. // +unionMember // +optional UprobeInfo *ClUprobeProgramInfo `json:"uprobeInfo,omitempty"` - // uretprobe defines the desired state of the application's UretprobePrograms. + // uretprobeInfo defines the desired state of the application's UretprobePrograms. // +unionMember // +optional UretprobeInfo *ClUprobeProgramInfo `json:"uretprobeInfo,omitempty"` - // tracepoint defines the desired state of the application's TracepointPrograms. + // tracepointInfo defines the desired state of the application's TracepointPrograms. // +unionMember // +optional TracepointInfo *ClTracepointProgramInfo `json:"tracepointInfo,omitempty"` @@ -132,7 +132,7 @@ type ClBpfApplicationProgram struct { // ClBpfApplicationSpec defines the desired state of BpfApplication type ClBpfApplicationSpec struct { BpfAppCommon `json:",inline"` - // Programs is the list of bpf programs in the BpfApplication that should be + // programs is the list of bpf programs in the BpfApplication that should be // loaded. The application can selectively choose which program(s) to run // from this list based on the optional attach points provided. // +kubebuilder:validation:MinItems:=1 diff --git a/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go index a911ff59ab0..30241df0f48 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go @@ -31,7 +31,7 @@ type ClFentryProgramInfo struct { // ClFentryLoadInfo contains the program-specific load information for Fentry // programs type ClFentryLoadInfo struct { - // Function is the name of the function to attach the Fentry program to. + // function is the name of the function to attach the Fentry program to. Function string `json:"function"` } diff --git a/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go index dc5213250ef..56a491f4a30 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go @@ -31,7 +31,7 @@ type ClFexitProgramInfo struct { // ClFexitLoadInfo contains the program-specific load information for Fexit // programs type ClFexitLoadInfo struct { - // Function is the name of the function to attach the Fexit program to. + // function is the name of the function to attach the Fexit program to. Function string `json:"function"` } diff --git a/bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go index 27764701439..a466c7a3424 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go @@ -28,10 +28,10 @@ type ClKprobeProgramInfo struct { } type ClKprobeAttachInfo struct { - // Function to attach the kprobe to. + // function to attach the kprobe to. Function string `json:"function"` - // Offset added to the address of the function for kprobe. + // offset added to the address of the function for kprobe. // The offset must be zero for kretprobes. // TODO: Add a webhook to enforce kretprobe offset=0. // See: https://github.com/bpfman/bpfman-operator/issues/403 diff --git a/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go index fdb7a942284..a43d3931798 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go @@ -31,28 +31,28 @@ type ClTcProgramInfo struct { } type ClTcAttachInfo struct { - // Selector to determine the network interface (or interfaces) + // interfaceSelector to determine the network interface (or interfaces) InterfaceSelector InterfaceSelector `json:"interfaceSelector"` - // Containers identifies the set of containers in which to attach the eBPF + // containers identifies the set of containers in which to attach the eBPF // program. If Containers is not specified, the BPF program will be attached // in the root network namespace. // +optional Containers *ClContainerSelector `json:"containers"` - // Direction specifies the direction of traffic the tc program should + // direction specifies the direction of traffic the tc program should // attach to for a given network device. // +kubebuilder:validation:Enum=ingress;egress Direction string `json:"direction"` - // Priority specifies the priority of the tc program in relation to + // priority specifies the priority of the tc program in relation to // other programs of the same type with the same attach point. It is a value // from 0 to 1000 where lower values have higher precedence. // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=1000 Priority int32 `json:"priority"` - // ProceedOn allows the user to call other tc programs in chain on this exit code. + // proceedOn allows the user to call other tc programs in chain on this exit code. // Multiple values are supported by repeating the parameter. // +optional // +kubebuilder:validation:MaxItems=11 @@ -61,10 +61,10 @@ type ClTcAttachInfo struct { } type ClTcProgramInfoState struct { - // List of attach points for the BPF program on the given node. Each entry + // links is the List of attach points for the BPF program on the given node. Each entry // in *AttachInfoState represents a specific, unique attach point that is // derived from *AttachInfo by fully expanding any selectors. Each entry - // also contains information about the attach point required by the + // also contains information about the attached point required by the // reconciler // +optional // +kubebuilder:default:={} @@ -74,26 +74,26 @@ type ClTcProgramInfoState struct { type ClTcAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // Interface name to attach the tc program to. + // ifname is the Interface name to attach the tc program to. IfName string `json:"ifName"` // Optional container pid to attach the tc program in. // +optional ContainerPid *int32 `json:"containerPid"` - // Direction specifies the direction of traffic the tc program should + // direction specifies the direction of traffic the tc program should // attach to for a given network device. // +kubebuilder:validation:Enum=ingress;egress Direction string `json:"direction"` - // Priority specifies the priority of the tc program in relation to + // priority specifies the priority of the tc program in relation to // other programs of the same type with the same attach point. It is a value // from 0 to 1000 where lower values have higher precedence. // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=1000 Priority int32 `json:"priority"` - // ProceedOn allows the user to call other tc programs in chain on this exit code. + // proceedOn allows the user to call other tc programs in chain on this exit code. // Multiple values are supported by repeating the parameter. // +kubebuilder:validation:MaxItems=11 ProceedOn []TcProceedOnValue `json:"proceedOn"` diff --git a/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go index d2c30f3ff65..cb371a8f435 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go @@ -20,29 +20,29 @@ package v1alpha1 // ClTcxProgramInfo defines the tcx program details type ClTcxProgramInfo struct { - // The list of points to which the program should be attached. The list items - // are optional and may be udated after the bpf program has been loaded + // links is the list of points to which the program should be attached. The list items + // are optional and may be updated after the bpf program has been loaded // +optional // +kubebuilder:default:={} Links []ClTcxAttachInfo `json:"links"` } type ClTcxAttachInfo struct { - // Selector to determine the network interface (or interfaces) + // interfaceSelector to determine the network interface (or interfaces) InterfaceSelector InterfaceSelector `json:"interfaceSelector"` - // Containers identifies the set of containers in which to attach the eBPF + // containers identify the set of containers in which to attach the eBPF // program. If Containers is not specified, the BPF program will be attached // in the root network namespace. // +optional Containers *ClContainerSelector `json:"containers"` - // Direction specifies the direction of traffic the tcx program should + // direction specifies the direction of traffic the tcx program should // attach to for a given network device. // +kubebuilder:validation:Enum=ingress;egress Direction string `json:"direction"` - // Priority specifies the priority of the tcx program in relation to + // priority specifies the priority of the tcx program in relation to // other programs of the same type with the same attach point. It is a value // from 0 to 1000 where lower values have higher precedence. // +kubebuilder:validation:Minimum=0 @@ -64,19 +64,19 @@ type ClTcxProgramInfoState struct { type ClTcxAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // Interface name to attach the tcx program to. + // ifname is the interface name to attach the tcx program to. IfName string `json:"ifName"` - // Optional container pid to attach the tcx program in. + // containerPid is the container pid to attach the tcx program in. // +optional ContainerPid *int32 `json:"containerPid"` - // Direction specifies the direction of traffic the tcx program should + // direction specifies the direction of traffic the tcx program should // attach to for a given network device. // +kubebuilder:validation:Enum=ingress;egress Direction string `json:"direction"` - // Priority specifies the priority of the tcx program in relation to + // priority specifies the priority of the tcx program in relation to // other programs of the same type with the same attach point. It is a value // from 0 to 1000 where lower values have higher precedence. // +kubebuilder:validation:Minimum=0 diff --git a/bpfman-operator/apis/v1alpha1/cluster_tracepoint_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_tracepoint_program_types.go index 6d932349b1f..978859e82a6 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_tracepoint_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_tracepoint_program_types.go @@ -20,21 +20,21 @@ package v1alpha1 // ClTracepointProgramInfo contains the Tracepoint program details type ClTracepointProgramInfo struct { - // The list of points to which the program should be attached. The list items - // are optional and may be udated after the bpf program has been loaded + // links is the list of points to which the program should be attached. The list items + // are optional and may be updated after the bpf program has been loaded // +optional // +kubebuilder:default:={} Links []ClTracepointAttachInfo `json:"links"` } type ClTracepointAttachInfo struct { - // Name refers to the name of a kernel tracepoint to attach the + // name refers to the name of a kernel tracepoint to attach the // bpf program to. Name string `json:"name"` } type ClTracepointProgramInfoState struct { - // List of attach points for the BPF program on the given node. Each entry + // links is the list of attach points for the BPF program on the given node. Each entry // in *AttachInfoState represents a specific, unique attach point that is // derived from *AttachInfo by fully expanding any selectors. Each entry // also contains information about the attach point required by the diff --git a/bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go index 488b511ee87..0cc6a7b2e9d 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go @@ -20,7 +20,7 @@ package v1alpha1 // ClUprobeProgramInfo contains the information for the uprobe program type ClUprobeProgramInfo struct { - // The list of points to which the program should be attached. The list items + // links in the list of points to which the program should be attached. The list items // are optional and may be udated after the bpf program has been loaded // +optional // +kubebuilder:default:={} @@ -28,24 +28,24 @@ type ClUprobeProgramInfo struct { } type ClUprobeAttachInfo struct { - // Function to attach the uprobe to. + // function to attach the uprobe to. // +optional Function string `json:"function"` - // Offset added to the address of the function for uprobe. + // offset added to the address of the function for uprobe. // +optional // +kubebuilder:default:=0 Offset uint64 `json:"offset"` - // Library name or the absolute path to a binary or library. + // target is the Library name or the absolute path to a binary or library. Target string `json:"target"` - // Only execute uprobe for given process identification number (PID). If PID + // pid only execute uprobe for given process identification number (PID). If PID // is not provided, uprobe executes for all PIDs. // +optional Pid *int32 `json:"pid"` - // Containers identifies the set of containers in which to attach the + // containers identify the set of containers in which to attach the // uprobe. If Containers is not specified, the uprobe will be attached in // the bpfman-agent container. // +optional @@ -53,7 +53,7 @@ type ClUprobeAttachInfo struct { } type ClUprobeProgramInfoState struct { - // List of attach points for the BPF program on the given node. Each entry + // links is the list of attach points for the BPF program on the given node. Each entry // in *AttachInfoState represents a specific, unique attach point that is // derived from *AttachInfo by fully expanding any selectors. Each entry // also contains information about the attach point required by the @@ -66,19 +66,19 @@ type ClUprobeProgramInfoState struct { type ClUprobeAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // Function to attach the uprobe to. + // function to attach the uprobe to. // +optional Function string `json:"function"` - // Offset added to the address of the function for uprobe. + // offset added to the address of the function for uprobe. // +optional // +kubebuilder:default:=0 Offset uint64 `json:"offset"` - // Library name or the absolute path to a binary or library. + // target is the library name or the absolute path to a binary or library. Target string `json:"target"` - // Only execute uprobe for given process identification number (PID). If PID + // pid only execute uprobe for given process identification number (PID). If PID // is not provided, uprobe executes for all PIDs. // +optional Pid *int32 `json:"pid"` diff --git a/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go index ddbf4aa80bb..3a41a6ac7fc 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go @@ -23,31 +23,31 @@ type XdpProceedOnValue string // ClXdpProgramInfo contains the xdp program details type ClXdpProgramInfo struct { - // The list of points to which the program should be attached. The list items - // are optional and may be udated after the bpf program has been loaded + // links is the list of points to which the program should be attached. The list items + // are optional and may be updated after the bpf program has been loaded // +optional // +kubebuilder:default:={} Links []ClXdpAttachInfo `json:"links"` } type ClXdpAttachInfo struct { - // Selector to determine the network interface (or interfaces) + // interfaceSelector to determine the network interface (or interfaces) InterfaceSelector InterfaceSelector `json:"interfaceSelector"` - // Containers identifies the set of containers in which to attach the eBPF + // containers identify the set of containers in which to attach the eBPF // program. If Containers is not specified, the BPF program will be attached // in the root network namespace. // +optional Containers *ClContainerSelector `json:"containers"` - // Priority specifies the priority of the bpf program in relation to + // priority specifies the priority of the bpf program in relation to // other programs of the same type with the same attach point. It is a value // from 0 to 1000 where lower values have higher precedence. // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=1000 Priority int32 `json:"priority"` - // ProceedOn allows the user to call other xdp programs in chain on this exit code. + // proceedOn allows the user to call other xdp programs in chain on this exit code. // Multiple values are supported by repeating the parameter. // +optional // +kubebuilder:validation:MaxItems=6 @@ -56,7 +56,7 @@ type ClXdpAttachInfo struct { } type ClXdpProgramInfoState struct { - // List of attach points for the BPF program on the given node. Each entry + // links is the list of attach points for the BPF program on the given node. Each entry // in *AttachInfoState represents a specific, unique attach point that is // derived from *AttachInfo by fully expanding any selectors. Each entry // also contains information about the attach point required by the @@ -69,21 +69,21 @@ type ClXdpProgramInfoState struct { type ClXdpAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // Interface name to attach the xdp program to. + // ifname is the interface name to attach the xdp program to. IfName string `json:"ifName"` - // Optional container pid to attach the xdp program in. + // containerPid is an optional container pid to attach the xdp program in. // +optional ContainerPid *int32 `json:"containerPid"` - // Priority specifies the priority of the xdp program in relation to + // priority specifies the priority of the xdp program in relation to // other programs of the same type with the same attach point. It is a value // from 0 to 1000 where lower values have higher precedence. // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=1000 Priority int32 `json:"priority"` - // ProceedOn allows the user to call other xdp programs in chain on this exit code. + // proceedOn allows the user to call other xdp programs in chain on this exit code. // Multiple values are supported by repeating the parameter. // +kubebuilder:validation:MaxItems=6 ProceedOn []XdpProceedOnValue `json:"proceedOn"` diff --git a/bpfman-operator/apis/v1alpha1/shared_types.go b/bpfman-operator/apis/v1alpha1/shared_types.go index e1165ce0b98..a725af9ceb5 100644 --- a/bpfman-operator/apis/v1alpha1/shared_types.go +++ b/bpfman-operator/apis/v1alpha1/shared_types.go @@ -25,12 +25,12 @@ import ( // +kubebuilder:validation:MaxProperties=1 // +kubebuilder:validation:MinProperties=1 type InterfaceSelector struct { - // Interfaces refers to a list of network interfaces to attach the BPF + // interfaces refers to a list of network interfaces to attach the BPF // program to. // +optional Interfaces *[]string `json:"interfaces,omitempty"` - // Attach BPF program to the primary interface on the node. Only 'true' accepted. + // primaryNodeInterface to attach BPF program to the primary interface on the node. Only 'true' accepted. // +optional PrimaryNodeInterface *bool `json:"primaryNodeInterface,omitempty"` } @@ -38,16 +38,16 @@ type InterfaceSelector struct { // ClContainerSelector identifies a set of containers. For example, this can be // used to identify a set of containers in which to attach uprobes. type ClContainerSelector struct { - // Target namespaces. + // namespaces indicate the target namespaces. // +optional // +kubebuilder:default:="" Namespace string `json:"namespace"` - // Target pods. This field must be specified, to select all pods use + // pods indicate the target pods. This field must be specified, to select all pods use // standard metav1.LabelSelector semantics and make it empty. Pods metav1.LabelSelector `json:"pods"` - // Name(s) of container(s). If none are specified, all containers in the + // containerNames indicate the Name(s) of container(s). If none are specified, all containers in the // pod are selected. // +optional ContainerNames *[]string `json:"containerNames,omitempty"` @@ -57,11 +57,11 @@ type ClContainerSelector struct { // in that "Namespace" was removed. Namespace scoped programs can only attach to the namespace // they are created in, so namespace at this level doesn't apply. type ContainerSelector struct { - // Target pods. This field must be specified, to select all pods use + // pods indicate the target pods. This field must be specified, to select all pods use // standard metav1.LabelSelector semantics and make it empty. Pods metav1.LabelSelector `json:"pods"` - // Name(s) of container(s). If none are specified, all containers in the + // containerNames indicate the name(s) of container(s). If none are specified, all containers in the // pod are selected. // +optional ContainerNames *[]string `json:"containerNames,omitempty"` @@ -69,24 +69,24 @@ type ContainerSelector struct { // BpfAppCommon defines the common attributes for all BpfApp programs type BpfAppCommon struct { - // NodeSelector allows the user to specify which nodes to deploy the + // nodeSelector allows the user to specify which nodes to deploy the // bpf program to. This field must be specified, to select all nodes // use standard metav1.LabelSelector semantics and make it empty. NodeSelector metav1.LabelSelector `json:"nodeSelector"` - // GlobalData allows the user to set global variables when the program is loaded + // globalData allows the user to set global variables when the program is loaded // with an array of raw bytes. This is a very low level primitive. The caller // is responsible for formatting the byte string appropriately considering // such things as size, endianness, alignment and packing of data structures. // +optional GlobalData map[string][]byte `json:"globalData,omitempty"` - // Bytecode configures where the bpf program's bytecode should be loaded + // bytecode configures where the bpf program's bytecode should be loaded // from. ByteCode ByteCodeSelector `json:"byteCode"` // TODO: need to work out how MapOwnerSelector will work after load-attach-split - // MapOwnerSelector is used to select the loaded eBPF program this eBPF program + // mapOwnerSelector is used to select the loaded eBPF program this eBPF program // will share a map with. // +optional MapOwnerSelector *metav1.LabelSelector `json:"mapOwnerSelector"` @@ -107,27 +107,27 @@ type BpfAppStatus struct { // AttachInfoStateCommon reflects the status for one attach point for a given bpf // application program type AttachInfoStateCommon struct { - // ShouldAttach reflects whether the attachment should exist. + // shouldAttach reflects whether the attachment should exist. ShouldAttach bool `json:"shouldAttach"` - // Unique identifier for the attach point assigned by bpfman agent. + // uuid is an Unique identifier for the attach point assigned by bpfman agent. UUID string `json:"uuid"` - // An identifier for the link assigned by bpfman. This field is + // linkId is an identifier for the link assigned by bpfman. This field is // empty until the program is successfully attached and bpfman returns the // id. LinkId *uint32 `json:"linkId"` - // LinkStatus reflects whether the attachment has been reconciled + // linkStatus reflects whether the attachment has been reconciled // successfully, and if not, why. LinkStatus LinkStatus `json:"linkStatus"` } type BpfProgramStateCommon struct { - // Name is the name of the function that is the entry point for the BPF + // name is the name of the function that is the entry point for the BPF // program Name string `json:"name"` - // ProgramLinkStatus reflects whether all links requested for the program + // programLinkStatus reflects whether all links requested for the program // are in the correct state. ProgramLinkStatus ProgramLinkStatus `json:"programLinkStatus"` - // ProgramId is the id of the program in the kernel. Not set until the + // programId is the id of the program in the kernel. Not set until the // program is loaded. // +optional ProgramId *uint32 `json:"programId"` @@ -148,24 +148,24 @@ const ( // ByteCodeSelector defines the various ways to reference bpf bytecode objects. type ByteCodeSelector struct { - // Image used to specify a bytecode container image. + // image used to specify a bytecode container image. Image *ByteCodeImage `json:"image,omitempty"` - // Path is used to specify a bytecode object via filepath. + // path is used to specify a bytecode object via filepath. Path *string `json:"path,omitempty"` } // ByteCodeImage defines how to specify a bytecode container image. type ByteCodeImage struct { - // Valid container image URL used to reference a remote bytecode image. + // url is a valid container image URL used to reference a remote bytecode image. Url string `json:"url"` - // PullPolicy describes a policy for if/when to pull a bytecode image. Defaults to IfNotPresent. + // pullPolicy describes a policy for if/when to pull a bytecode image. Defaults to IfNotPresent. // +kubebuilder:default:=IfNotPresent // +optional ImagePullPolicy PullPolicy `json:"imagePullPolicy"` - // ImagePullSecret is the name of the secret bpfman should use to get remote image + // imagePullSecret is the name of the secret bpfman should use to get remote image // repository secrets. // +optional ImagePullSecret *ImagePullSecretSelector `json:"imagePullSecret,omitempty"` @@ -173,10 +173,10 @@ type ByteCodeImage struct { // ImagePullSecretSelector defines the name and namespace of an image pull secret. type ImagePullSecretSelector struct { - // Name of the secret which contains the credentials to access the image repository. + // name of the secret which contains the credentials to access the image repository. Name string `json:"name"` - // Namespace of the secret which contains the credentials to access the image repository. + // namespace of the secret which contains the credentials to access the image repository. Namespace string `json:"namespace"` } diff --git a/bpfman-operator/apis/v1alpha1/tc_program_types.go b/bpfman-operator/apis/v1alpha1/tc_program_types.go index d6ac9f07104..61217ac364b 100644 --- a/bpfman-operator/apis/v1alpha1/tc_program_types.go +++ b/bpfman-operator/apis/v1alpha1/tc_program_types.go @@ -20,34 +20,34 @@ package v1alpha1 // TcProgramInfo defines the tc program details type TcProgramInfo struct { - // The list of points to which the program should be attached. The list items - // are optional and may be udated after the bpf program has been loaded + // links is the list of points to which the program should be attached. The list items + // are optional and may be updated after the bpf program has been loaded // +optional // +kubebuilder:default:={} Links []TcAttachInfo `json:"links"` } type TcAttachInfo struct { - // Selector to determine the network interface (or interfaces) + // interfaceSelector to determine the network interface (or interfaces) InterfaceSelector InterfaceSelector `json:"interfaceSelector"` - // Containers identifies the set of containers in which to attach the eBPF + // containers identify the set of containers in which to attach the eBPF // program. Containers ContainerSelector `json:"containers"` - // Direction specifies the direction of traffic the tc program should + // direction specifies the direction of traffic the tc program should // attach to for a given network device. // +kubebuilder:validation:Enum=ingress;egress Direction string `json:"direction"` - // Priority specifies the priority of the tc program in relation to + // priority specifies the priority of the tc program in relation to // other programs of the same type with the same attach point. It is a value // from 0 to 1000 where lower values have higher precedence. // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=1000 Priority int32 `json:"priority"` - // ProceedOn allows the user to call other tc programs in chain on this exit code. + // proceedOn allows the user to call other tc programs in chain on this exit code. // Multiple values are supported by repeating the parameter. // +optional // +kubebuilder:validation:MaxItems=11 @@ -56,7 +56,7 @@ type TcAttachInfo struct { } type TcProgramInfoState struct { - // List of attach points for the BPF program on the given node. Each entry + // links is the List of attach points for the BPF program on the given node. Each entry // in *AttachInfoState represents a specific, unique attach point that is // derived from *AttachInfo by fully expanding any selectors. Each entry // also contains information about the attach point required by the @@ -69,25 +69,25 @@ type TcProgramInfoState struct { type TcAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // Interface name to attach the tc program to. + // ifName is the interface name to attach the tc program to. IfName string `json:"ifName"` - // Container pid to attach the tc program in. + // containerPid is the Container pid to attach the tc program in. ContainerPid int32 `json:"containerPid"` - // Direction specifies the direction of traffic the tc program should + // direction specifies the direction of traffic the tc program should // attach to for a given network device. // +kubebuilder:validation:Enum=ingress;egress Direction string `json:"direction"` - // Priority specifies the priority of the tc program in relation to + // priority specifies the priority of the tc program in relation to // other programs of the same type with the same attach point. It is a value // from 0 to 1000 where lower values have higher precedence. // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=1000 Priority int32 `json:"priority"` - // ProceedOn allows the user to call other tc programs in chain on this exit code. + // proceedOn allows the user to call other tc programs in chain on this exit code. // Multiple values are supported by repeating the parameter. // +kubebuilder:validation:MaxItems=11 ProceedOn []TcProceedOnValue `json:"proceedOn"` diff --git a/bpfman-operator/apis/v1alpha1/tcx_program_types.go b/bpfman-operator/apis/v1alpha1/tcx_program_types.go index d1619bb8f51..17668ba75b5 100644 --- a/bpfman-operator/apis/v1alpha1/tcx_program_types.go +++ b/bpfman-operator/apis/v1alpha1/tcx_program_types.go @@ -20,27 +20,27 @@ package v1alpha1 // TcxProgramInfo defines the tcx program details type TcxProgramInfo struct { - // The list of points to which the program should be attached. The list items - // are optional and may be udated after the bpf program has been loaded + // links is The list of points to which the program should be attached. The list items + // are optional and may be updated after the bpf program has been loaded // +optional // +kubebuilder:default:={} Links []TcxAttachInfo `json:"links"` } type TcxAttachInfo struct { - // Selector to determine the network interface (or interfaces) + // interfaceSelector to determine the network interface (or interfaces) InterfaceSelector InterfaceSelector `json:"interfaceSelector"` - // Containers identifies the set of containers in which to attach the eBPF + // containers identify the set of containers in which to attach the eBPF // program. Containers ContainerSelector `json:"containers"` - // Direction specifies the direction of traffic the tcx program should + // direction specifies the direction of traffic the tcx program should // attach to for a given network device. // +kubebuilder:validation:Enum=ingress;egress Direction string `json:"direction"` - // Priority specifies the priority of the tcx program in relation to + // priority specifies the priority of the tcx program in relation to // other programs of the same type with the same attach point. It is a value // from 0 to 1000 where lower values have higher precedence. // +kubebuilder:validation:Minimum=0 @@ -49,7 +49,7 @@ type TcxAttachInfo struct { } type TcxProgramInfoState struct { - // List of attach points for the BPF program on the given node. Each entry + // links is the List of attach points for the BPF program on the given node. Each entry // in *AttachInfoState represents a specific, unique attach point that is // derived from *AttachInfo by fully expanding any selectors. Each entry // also contains information about the attach point required by the @@ -62,18 +62,18 @@ type TcxProgramInfoState struct { type TcxAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // Interface name to attach the tcx program to. + // ifName is the interface name to attach the tcx program to. IfName string `json:"ifName"` - // Container pid to attach the tcx program in. + // containerPid is the container pid to attach the tcx program in. ContainerPid int32 `json:"containerPid"` - // Direction specifies the direction of traffic the tcx program should + // direction specifies the direction of traffic the tcx program should // attach to for a given network device. // +kubebuilder:validation:Enum=ingress;egress Direction string `json:"direction"` - // Priority specifies the priority of the tcx program in relation to + // priority specifies the priority of the tcx program in relation to // other programs of the same type with the same attach point. It is a value // from 0 to 1000 where lower values have higher precedence. // +kubebuilder:validation:Minimum=0 diff --git a/bpfman-operator/apis/v1alpha1/uprobe_program_types.go b/bpfman-operator/apis/v1alpha1/uprobe_program_types.go index 2e001516883..6d869e0010d 100644 --- a/bpfman-operator/apis/v1alpha1/uprobe_program_types.go +++ b/bpfman-operator/apis/v1alpha1/uprobe_program_types.go @@ -20,32 +20,32 @@ package v1alpha1 // UprobeProgramInfo contains the information for the uprobe program type UprobeProgramInfo struct { - // The list of points to which the program should be attached. The list items - // are optional and may be udated after the bpf program has been loaded + // links is The list of points to which the program should be attached. The list items + // are optional and may be updated after the bpf program has been loaded // +optional // +kubebuilder:default:={} Links []UprobeAttachInfo `json:"links"` } type UprobeAttachInfo struct { - // Function to attach the uprobe to. + // function to attach the uprobe to. // +optional Function string `json:"function"` - // Offset added to the address of the function for uprobe. + // offset added to the address of the function for uprobe. // +optional // +kubebuilder:default:=0 Offset uint64 `json:"offset"` - // Library name or the absolute path to a binary or library. + // target is the Library name or the absolute path to a binary or library. Target string `json:"target"` - // Only execute uprobe for given process identification number (PID). If PID + // pid is only execute uprobe for given process identification number (PID). If PID // is not provided, uprobe executes for all PIDs. // +optional Pid *int32 `json:"pid"` - // Containers identifies the set of containers in which to attach the + // containers identify the set of containers in which to attach the // uprobe. Containers ContainerSelector `json:"containers"` } @@ -64,24 +64,24 @@ type UprobeProgramInfoState struct { type UprobeAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // Function to attach the uprobe to. + // function to attach the uprobe to. // +optional Function string `json:"function"` - // Offset added to the address of the function for uprobe. + // offset added to the address of the function for uprobe. // +optional // +kubebuilder:default:=0 Offset uint64 `json:"offset"` - // Library name or the absolute path to a binary or library. + // target is the library name or the absolute path to a binary or library. Target string `json:"target"` - // Only execute uprobe for given process identification number (PID). If PID + // pid is Only execute uprobe for given process identification number (PID). If PID // is not provided, uprobe executes for all PIDs. // +optional Pid *int32 `json:"pid"` - // Container pid to attach the uprobe program in. + // containerPid is container pid to attach the uprobe program in. // +optional ContainerPid int32 `json:"containerPid"` } diff --git a/bpfman-operator/apis/v1alpha1/xdp_program_types.go b/bpfman-operator/apis/v1alpha1/xdp_program_types.go index 01c436e9fa8..fd191fdf74b 100644 --- a/bpfman-operator/apis/v1alpha1/xdp_program_types.go +++ b/bpfman-operator/apis/v1alpha1/xdp_program_types.go @@ -20,7 +20,7 @@ package v1alpha1 // XdpProgramInfo contains the xdp program details type XdpProgramInfo struct { - // The list of points to which the program should be attached. The list items + // links is the list of points to which the program should be attached. The list items // are optional and may be udated after the bpf program has been loaded // +optional // +kubebuilder:default:={} @@ -28,21 +28,21 @@ type XdpProgramInfo struct { } type XdpAttachInfo struct { - // Selector to determine the network interface (or interfaces) + // interfaceSelector to determine the network interface (or interfaces) InterfaceSelector InterfaceSelector `json:"interfaceSelector"` - // Containers identifies the set of containers in which to attach the eBPF + // containers identify the set of containers in which to attach the eBPF // program. Containers ContainerSelector `json:"containers"` - // Priority specifies the priority of the bpf program in relation to + // priority specifies the priority of the bpf program in relation to // other programs of the same type with the same attach point. It is a value // from 0 to 1000 where lower values have higher precedence. // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=1000 Priority int32 `json:"priority"` - // ProceedOn allows the user to call other xdp programs in chain on this exit code. + // proceedOn allows the user to call other xdp programs in chain on this exit code. // Multiple values are supported by repeating the parameter. // +optional // +kubebuilder:validation:MaxItems=6 @@ -51,7 +51,7 @@ type XdpAttachInfo struct { } type XdpProgramInfoState struct { - // List of attach points for the BPF program on the given node. Each entry + // links is the list of attach points for the BPF program on the given node. Each entry // in *AttachInfoState represents a specific, unique attach point that is // derived from *AttachInfo by fully expanding any selectors. Each entry // also contains information about the attach point required by the @@ -64,20 +64,20 @@ type XdpProgramInfoState struct { type XdpAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // Interface name to attach the xdp program to. + // ifName is interface name to attach the xdp program to. IfName string `json:"ifName"` - // Container pid to attach the xdp program in. + // containerPid Container pid to attach the xdp program in. ContainerPid int32 `json:"containerPid"` - // Priority specifies the priority of the xdp program in relation to + // priority specifies the priority of the xdp program in relation to // other programs of the same type with the same attach point. It is a value // from 0 to 1000 where lower values have higher precedence. // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=1000 Priority int32 `json:"priority"` - // ProceedOn allows the user to call other xdp programs in chain on this exit code. + // proceedOn allows the user to call other xdp programs in chain on this exit code. // Multiple values are supported by repeating the parameter. // +kubebuilder:validation:MaxItems=6 ProceedOn []XdpProceedOnValue `json:"proceedOn"` From 89fb437c0dd318ef826e72e99e6782cb18f9a42f Mon Sep 17 00:00:00 2001 From: Mohamed Mahmoud Date: Tue, 11 Mar 2025 17:03:25 -0400 Subject: [PATCH 03/15] use enum for fentry and fexit attach Signed-off-by: Mohamed Mahmoud --- .../apis/v1alpha1/cluster_fentry_program_types.go | 11 +++++++++-- .../apis/v1alpha1/cluster_fexit_program_types.go | 4 ++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go index 30241df0f48..7daf340fb6d 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go @@ -35,12 +35,19 @@ type ClFentryLoadInfo struct { Function string `json:"function"` } +type AttachType string + +const ( + Attach AttachType = "true" + Dettach AttachType = "false" +) + // ClFentryAttachInfo indicates that the Fentry program should be attached to // the function identified in ClFentryLoadInfo. The only valid value for Attach // is true. type ClFentryAttachInfo struct { - // +kubebuilder:validation:Enum=true - Attach bool `json:"attach"` + // +kubebuilder:validation:Enum==Attach;Dettach; + Attach AttachType `json:"attach"` } type ClFentryProgramInfoState struct { diff --git a/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go index 56a491f4a30..e71d9e2792f 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go @@ -39,8 +39,8 @@ type ClFexitLoadInfo struct { // the function identified in ClFentryLoadInfo. The only valid value for Attach // is true. type ClFexitAttachInfo struct { - // +kubebuilder:validation:Enum=true - Attach bool `json:"attach"` + // +kubebuilder:validation:Enum==Attach;Dettach; + Attach AttachType `json:"attach"` } type ClFexitProgramInfoState struct { From 5f3305aea96182125dfb1760dfa720da58d28fb2 Mon Sep 17 00:00:00 2001 From: Mohamed Mahmoud Date: Wed, 12 Mar 2025 12:56:06 -0400 Subject: [PATCH 04/15] Addressed more review comments Signed-off-by: Mohamed Mahmoud --- .../apis/v1alpha1/cluster_fentry_program_types.go | 11 +++++------ .../apis/v1alpha1/cluster_fexit_program_types.go | 5 ++--- .../apis/v1alpha1/cluster_kprobe_program_types.go | 1 - .../apis/v1alpha1/cluster_tc_program_types.go | 8 +++----- .../apis/v1alpha1/cluster_tcx_program_types.go | 1 - .../apis/v1alpha1/cluster_tracepoint_program_types.go | 1 - .../apis/v1alpha1/cluster_uprobe_program_types.go | 1 - .../apis/v1alpha1/cluster_xdp_program_types.go | 5 ++--- bpfman-operator/apis/v1alpha1/tc_program_types.go | 5 ++--- bpfman-operator/apis/v1alpha1/tcx_program_types.go | 1 - bpfman-operator/apis/v1alpha1/uprobe_program_types.go | 1 - bpfman-operator/apis/v1alpha1/xdp_program_types.go | 4 ++-- 12 files changed, 16 insertions(+), 28 deletions(-) diff --git a/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go index 7daf340fb6d..36ffe8aa135 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go @@ -15,7 +15,6 @@ limitations under the License. */ // All fields are required unless explicitly marked optional -// +kubebuilder:validation:Required package v1alpha1 // ClFentryProgramInfo defines the Fentry program details @@ -35,19 +34,19 @@ type ClFentryLoadInfo struct { Function string `json:"function"` } -type AttachType string +type AttachTypeAttach string const ( - Attach AttachType = "true" - Dettach AttachType = "false" + Attach AttachTypeAttach = "Attach" + Dettach AttachTypeAttach = "Detach" ) // ClFentryAttachInfo indicates that the Fentry program should be attached to // the function identified in ClFentryLoadInfo. The only valid value for Attach // is true. type ClFentryAttachInfo struct { - // +kubebuilder:validation:Enum==Attach;Dettach; - Attach AttachType `json:"attach"` + // +kubebuilder:validation:Enum=Attach;Dettach; + Mode AttachTypeAttach `json:"mode"` } type ClFentryProgramInfoState struct { diff --git a/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go index e71d9e2792f..b41ceb265a3 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go @@ -15,7 +15,6 @@ limitations under the License. */ // All fields are required unless explicitly marked optional -// +kubebuilder:validation:Required package v1alpha1 // ClFexitProgramInfo defines the Fexit program details @@ -39,8 +38,8 @@ type ClFexitLoadInfo struct { // the function identified in ClFentryLoadInfo. The only valid value for Attach // is true. type ClFexitAttachInfo struct { - // +kubebuilder:validation:Enum==Attach;Dettach; - Attach AttachType `json:"attach"` + // +kubebuilder:validation:Enum=Attach;Dettach; + Mode AttachTypeAttach `json:"mode"` } type ClFexitProgramInfoState struct { diff --git a/bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go index a466c7a3424..b0132c94c2d 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go @@ -15,7 +15,6 @@ limitations under the License. */ // All fields are required unless explicitly marked optional -// +kubebuilder:validation:Required package v1alpha1 // ClKprobeProgramInfo contains the information for the kprobe program diff --git a/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go index a43d3931798..a7fce4e64ad 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go @@ -15,10 +15,8 @@ limitations under the License. */ // All fields are required unless explicitly marked optional -// +kubebuilder:validation:Required package v1alpha1 -// +kubebuilder:validation:Enum=unspec;ok;reclassify;shot;pipe;stolen;queued;repeat;redirect;trap;dispatcher_return type TcProceedOnValue string // ClTcProgramInfo defines the tc program details @@ -55,8 +53,8 @@ type ClTcAttachInfo struct { // proceedOn allows the user to call other tc programs in chain on this exit code. // Multiple values are supported by repeating the parameter. // +optional - // +kubebuilder:validation:MaxItems=11 - // +kubebuilder:default:={pipe,dispatcher_return} + // +kubebuilder:validation:Enum=unspec;ok;reclassify;shot;pipe;stolen;queued;repeat;redirect;trap;dispatcher_return; + // +kubebuilder:default:={pipe,dispatche_return} ProceedOn []TcProceedOnValue `json:"proceedOn"` } @@ -95,6 +93,6 @@ type ClTcAttachInfoState struct { // proceedOn allows the user to call other tc programs in chain on this exit code. // Multiple values are supported by repeating the parameter. - // +kubebuilder:validation:MaxItems=11 + // +kubebuilder:validation:Enum=Unspec;Ok;Reclassify;Shot;Pipe;Stolen;Queued;Repeat;Redirect;Trap;DispatcherReturn; ProceedOn []TcProceedOnValue `json:"proceedOn"` } diff --git a/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go index cb371a8f435..bf18bb57bfc 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go @@ -15,7 +15,6 @@ limitations under the License. */ // All fields are required unless explicitly marked optional -// +kubebuilder:validation:Required package v1alpha1 // ClTcxProgramInfo defines the tcx program details diff --git a/bpfman-operator/apis/v1alpha1/cluster_tracepoint_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_tracepoint_program_types.go index 978859e82a6..9c7bf815441 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_tracepoint_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_tracepoint_program_types.go @@ -15,7 +15,6 @@ limitations under the License. */ // All fields are required unless explicitly marked optional -// +kubebuilder:validation:Required package v1alpha1 // ClTracepointProgramInfo contains the Tracepoint program details diff --git a/bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go index 0cc6a7b2e9d..b27c226b679 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go @@ -15,7 +15,6 @@ limitations under the License. */ // All fields are required unless explicitly marked optional -// +kubebuilder:validation:Required package v1alpha1 // ClUprobeProgramInfo contains the information for the uprobe program diff --git a/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go index 3a41a6ac7fc..fbe69ef2ebe 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go @@ -15,7 +15,6 @@ limitations under the License. */ // All fields are required unless explicitly marked optional -// +kubebuilder:validation:Required package v1alpha1 // +kubebuilder:validation:Enum=aborted;drop;pass;tx;redirect;dispatcher_return @@ -50,7 +49,7 @@ type ClXdpAttachInfo struct { // proceedOn allows the user to call other xdp programs in chain on this exit code. // Multiple values are supported by repeating the parameter. // +optional - // +kubebuilder:validation:MaxItems=6 + // +kubebuilder:validation:Enum=aborted;drop;pass;tx;redirect;dispatcher_return; // +kubebuilder:default:={pass,dispatcher_return} ProceedOn []XdpProceedOnValue `json:"proceedOn"` } @@ -85,6 +84,6 @@ type ClXdpAttachInfoState struct { // proceedOn allows the user to call other xdp programs in chain on this exit code. // Multiple values are supported by repeating the parameter. - // +kubebuilder:validation:MaxItems=6 + // +kubebuilder:validation:Enum=aborted;drop;pass;tx;redirect;dispatcher_return; ProceedOn []XdpProceedOnValue `json:"proceedOn"` } diff --git a/bpfman-operator/apis/v1alpha1/tc_program_types.go b/bpfman-operator/apis/v1alpha1/tc_program_types.go index 61217ac364b..49ed86e0540 100644 --- a/bpfman-operator/apis/v1alpha1/tc_program_types.go +++ b/bpfman-operator/apis/v1alpha1/tc_program_types.go @@ -15,7 +15,6 @@ limitations under the License. */ // All fields are required unless explicitly marked optional -// +kubebuilder:validation:Required package v1alpha1 // TcProgramInfo defines the tc program details @@ -50,7 +49,7 @@ type TcAttachInfo struct { // proceedOn allows the user to call other tc programs in chain on this exit code. // Multiple values are supported by repeating the parameter. // +optional - // +kubebuilder:validation:MaxItems=11 + // +kubebuilder:validation:Enum=unspec;ok;reclassify;shot;pipe;stolen;queued;repeat;redirect;trap;dispatcher_return; // +kubebuilder:default:={pipe,dispatcher_return} ProceedOn []TcProceedOnValue `json:"proceedOn"` } @@ -89,6 +88,6 @@ type TcAttachInfoState struct { // proceedOn allows the user to call other tc programs in chain on this exit code. // Multiple values are supported by repeating the parameter. - // +kubebuilder:validation:MaxItems=11 + // +kubebuilder:validation:Enum=unspec;ok;reclassify;shot;pipe;stolen;queued;repeat;redirect;trap;dispatcher_return; ProceedOn []TcProceedOnValue `json:"proceedOn"` } diff --git a/bpfman-operator/apis/v1alpha1/tcx_program_types.go b/bpfman-operator/apis/v1alpha1/tcx_program_types.go index 17668ba75b5..b4696b9079d 100644 --- a/bpfman-operator/apis/v1alpha1/tcx_program_types.go +++ b/bpfman-operator/apis/v1alpha1/tcx_program_types.go @@ -15,7 +15,6 @@ limitations under the License. */ // All fields are required unless explicitly marked optional -// +kubebuilder:validation:Required package v1alpha1 // TcxProgramInfo defines the tcx program details diff --git a/bpfman-operator/apis/v1alpha1/uprobe_program_types.go b/bpfman-operator/apis/v1alpha1/uprobe_program_types.go index 6d869e0010d..12ff8d559d9 100644 --- a/bpfman-operator/apis/v1alpha1/uprobe_program_types.go +++ b/bpfman-operator/apis/v1alpha1/uprobe_program_types.go @@ -15,7 +15,6 @@ limitations under the License. */ // All fields are required unless explicitly marked optional -// +kubebuilder:validation:Required package v1alpha1 // UprobeProgramInfo contains the information for the uprobe program diff --git a/bpfman-operator/apis/v1alpha1/xdp_program_types.go b/bpfman-operator/apis/v1alpha1/xdp_program_types.go index fd191fdf74b..230ccd27bb7 100644 --- a/bpfman-operator/apis/v1alpha1/xdp_program_types.go +++ b/bpfman-operator/apis/v1alpha1/xdp_program_types.go @@ -15,7 +15,6 @@ limitations under the License. */ // All fields are required unless explicitly marked optional -// +kubebuilder:validation:Required package v1alpha1 // XdpProgramInfo contains the xdp program details @@ -46,6 +45,7 @@ type XdpAttachInfo struct { // Multiple values are supported by repeating the parameter. // +optional // +kubebuilder:validation:MaxItems=6 + // +kubebuilder:validation:Enum=aborted;drop;pass;tx;redirect;dispatcher_return; // +kubebuilder:default:={pass,dispatcher_return} ProceedOn []XdpProceedOnValue `json:"proceedOn"` } @@ -79,6 +79,6 @@ type XdpAttachInfoState struct { // proceedOn allows the user to call other xdp programs in chain on this exit code. // Multiple values are supported by repeating the parameter. - // +kubebuilder:validation:MaxItems=6 + // +kubebuilder:validation:Enum=aborted;drop;pass;tx;redirect;dispatcher_return; ProceedOn []XdpProceedOnValue `json:"proceedOn"` } From b6ea83daef0e1697665d0258d004ee4847d470da Mon Sep 17 00:00:00 2001 From: Mohamed Mahmoud Date: Wed, 12 Mar 2025 16:05:16 -0400 Subject: [PATCH 05/15] rename enum to drop Info string and address more comments Signed-off-by: Mohamed Mahmoud --- .../v1alpha1/bpf_application_state_types.go | 30 +-- .../apis/v1alpha1/bpf_application_types.go | 30 +-- .../cluster_bpf_application_state_types.go | 60 +++--- .../v1alpha1/cluster_bpf_application_types.go | 56 ++--- .../cluster_kretprobe_program_types.go | 50 +++++ .../apis/v1alpha1/cluster_tc_program_types.go | 4 +- .../v1alpha1/cluster_tcx_program_types.go | 4 +- .../apis/v1alpha1/tc_program_types.go | 4 +- .../apis/v1alpha1/tcx_program_types.go | 4 +- .../apis/v1alpha1/zz_generated.deepcopy.go | 197 ++++++++++++------ 10 files changed, 281 insertions(+), 158 deletions(-) create mode 100644 bpfman-operator/apis/v1alpha1/cluster_kretprobe_program_types.go diff --git a/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go b/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go index e18360add62..23bd48e1de4 100644 --- a/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go +++ b/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go @@ -24,11 +24,11 @@ import ( // BpfApplicationProgramState defines the desired state of BpfApplication // +union -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'XDP' ? has(self.xdpInfo) : !has(self.xdpInfo)",message="xdpInfo configuration is required when type is xdp, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TC' ? has(self.tcInfo) : !has(self.tcInfo)",message="tcInfo configuration is required when type is tc, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TCX' ? has(self.tcxInfo) : !has(self.tcxInfo)",message="tcx configuration is required when type is TCX, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uprobe' ? has(self.uprobeInfo) : !has(self.uprobeInfo)",message="uprobe configuration is required when type is uprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UretProbe' ? has(self.uretprobeInfo) : !has(self.upretrobeInfo)",message="uretprobe configuration is required when type is uretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'XDP' ? has(self.xdp) : !has(self.xdp)",message="xdp configuration is required when type is xdp, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TC' ? has(self.tc) : !has(self.tc)",message="tc configuration is required when type is tc, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TCX' ? has(self.tcx) : !has(self.tcx)",message="tcx configuration is required when type is TCX, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uprobe' ? has(self.uprobe) : !has(self.uprobe)",message="uprobe configuration is required when type is uprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UretProbe' ? has(self.uretprobe) : !has(self.upretrobe)",message="uretprobe configuration is required when type is uretprobe, and forbidden otherwise" type BpfApplicationProgramState struct { BpfProgramStateCommon `json:",inline"` @@ -38,30 +38,30 @@ type BpfApplicationProgramState struct { // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"Uprobe";"UretProbe" Type EBPFProgType `json:"type"` - // xdpInfo defines the desired state of the application's XdpPrograms. + // xdp defines the desired state of the application's XdpPrograms. // +unionMember // +optional - XDPInfo *XdpProgramInfoState `json:"xdpInfo,omitempty"` + XDP *XdpProgramInfoState `json:"xdp,omitempty"` - // tcInfo defines the desired state of the application's TcPrograms. + // tc defines the desired state of the application's TcPrograms. // +unionMember // +optional - TCInfo *TcProgramInfoState `json:"tcInfo,omitempty"` + TC *TcProgramInfoState `json:"tc,omitempty"` - // tcxInfo defines the desired state of the application's TcxPrograms. + // tcx defines the desired state of the application's TcxPrograms. // +unionMember // +optional - TCXInfo *TcxProgramInfoState `json:"tcxInfo,omitempty"` + TCX *TcxProgramInfoState `json:"tcx,omitempty"` - // uprobeInfo defines the desired state of the application's UprobePrograms. + // uprobe defines the desired state of the application's UprobePrograms. // +unionMember // +optional - UprobeInfo *UprobeProgramInfoState `json:"uprobeInfo,omitempty"` + Uprobe *UprobeProgramInfoState `json:"uprobe,omitempty"` - // uretprobeInfo defines the desired state of the application's UretprobePrograms. + // uretprobe defines the desired state of the application's UretprobePrograms. // +unionMember // +optional - UretprobeInfo *UprobeProgramInfoState `json:"uretprobeInfo,omitempty"` + Uretprobe *UprobeProgramInfoState `json:"uretprobe,omitempty"` } // BpfApplicationSpec defines the desired state of BpfApplication diff --git a/bpfman-operator/apis/v1alpha1/bpf_application_types.go b/bpfman-operator/apis/v1alpha1/bpf_application_types.go index 6adfbcc6f69..5c2aed3a314 100644 --- a/bpfman-operator/apis/v1alpha1/bpf_application_types.go +++ b/bpfman-operator/apis/v1alpha1/bpf_application_types.go @@ -22,11 +22,11 @@ import ( // BpfApplicationProgram defines the desired state of BpfApplication // +union -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'XDP' ? has(self.xdpInfo) : !has(self.xdpInfo)",message="xdpInfo configuration is required when type is xdp, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TC' ? has(self.tcInfo) : !has(self.tcInfo)",message="tcInfo configuration is required when type is tc, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TCX' ? has(self.tcxInfo) : !has(self.tcxInfo)",message="tcxInfo configuration is required when type is tcx, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uprobe' ? has(self.uprobeInfo) : !has(self.uprobeInfo)",message="uprobeInfo configuration is required when type is uprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UretProbe' ? has(self.uretprobeInfo) : !has(self.upretrobeInfo)",message="uretprobe configuration is required when type is uretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'XDP' ? has(self.xdp) : !has(self.xdp)",message="xdp configuration is required when type is xdp, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TC' ? has(self.tc) : !has(self.tc)",message="tc configuration is required when type is tc, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TCX' ? has(self.tcx) : !has(self.tcx)",message="tcx configuration is required when type is tcx, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uprobe' ? has(self.uprobe) : !has(self.uprobe)",message="uprobe configuration is required when type is uprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UretProbe' ? has(self.uretprobe) : !has(self.upretrobe)",message="uretprobe configuration is required when type is uretprobe, and forbidden otherwise" type BpfApplicationProgram struct { // name is the name of the function that is the entry point for the BPF // program @@ -38,30 +38,30 @@ type BpfApplicationProgram struct { // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"Uprobe";"UretProbe" Type EBPFProgType `json:"type"` - // xdpInfo defines the desired state of the application's XdpPrograms. + // xdp defines the desired state of the application's XdpPrograms. // +unionMember // +optional - XDPInfo *XdpProgramInfo `json:"xdpInfo,omitempty"` + XDP *XdpProgramInfo `json:"xdp,omitempty"` - // tcInfo defines the desired state of the application's TcPrograms. + // tc defines the desired state of the application's TcPrograms. // +unionMember // +optional - TCInfo *TcProgramInfo `json:"tcInfo,omitempty"` + TC *TcProgramInfo `json:"tc,omitempty"` - // tcxInfo defines the desired state of the application's TcxPrograms. + // tcx defines the desired state of the application's TcxPrograms. // +unionMember // +optional - TCXInfo *TcxProgramInfo `json:"tcxInfo,omitempty"` + TCX *TcxProgramInfo `json:"tcx,omitempty"` - // uprobeInfo defines the desired state of the application's UprobePrograms. + // uprobe defines the desired state of the application's UprobePrograms. // +unionMember // +optional - UprobeInfo *UprobeProgramInfo `json:"uprobeInfo,omitempty"` + Uprobe *UprobeProgramInfo `json:"uprobe,omitempty"` - // uretprobeInfo defines the desired state of the application's UretprobePrograms. + // uretprobe defines the desired state of the application's UretprobePrograms. // +unionMember // +optional - UretprobeInfo *UprobeProgramInfo `json:"uretprobeInfo,omitempty"` + Uretprobe *UprobeProgramInfo `json:"uretprobe,omitempty"` } // BpfApplicationSpec defines the desired state of BpfApplication diff --git a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go index 2af434a39ca..e18e16eec93 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go @@ -24,16 +24,16 @@ import ( // ClBpfApplicationProgramState defines the desired state of BpfApplication // +union -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'XDP' ? has(self.xdpInfo) : !has(self.xdpInfo)",message="xdpInfo configuration is required when type is xdp, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TC' ? has(self.tcInfo) : !has(self.tcInfo)",message="tcInfo configuration is required when type is tc, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TCX' ? has(self.tcxInfo) : !has(self.tcxInfo)",message="tcxInfo configuration is required when type is tcx, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Fentry' ? has(self.fentryInfo) : !has(self.fentryInfo)",message="fentryInfo configuration is required when type is fentry, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Fexit' ? has(self.fexitInfo) : !has(self.fexitInfo)",message="fexitInfo configuration is required when type is fexit, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Kprobe' ? has(self.kprobeInfo) : !has(self.kprobeInfo)",message="kprobeInfo configuration is required when type is kprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'KretProbe' ? has(self.kretprobeInfo) : !has(self.kretprobeInfo)",message="kretprobeInfo configuration is required when type is kretprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uprobe' ? has(self.uprobeInfo) : !has(self.uprobeInfo)",message="uprobeInfo configuration is required when type is uprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UretProbe' ? has(self.uretprobeInfo) : !has(self.uretprobeInfo)",message="uretprobeInfo configuration is required when type is uretprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TracePoint' ? has(self.tracepointInfo) : !has(self.tracepointInfo)",message="tracepointInfo configuration is required when type is tracepoint, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'XDP' ? has(self.xdp) : !has(self.xdp)",message="xdp configuration is required when type is xdp, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TC' ? has(self.tc) : !has(self.tc)",message="tc configuration is required when type is tc, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TCX' ? has(self.tcx) : !has(self.tcx)",message="tcx configuration is required when type is tcx, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Fentry' ? has(self.fentry) : !has(self.fentry)",message="fentry configuration is required when type is fentry, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Fexit' ? has(self.fexit) : !has(self.fexit)",message="fexit configuration is required when type is fexit, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Kprobe' ? has(self.kprobe) : !has(self.kprobe)",message="kprobe configuration is required when type is kprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'KretProbe' ? has(self.kretprobe) : !has(self.kretprobe)",message="kretprobe configuration is required when type is kretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uprobe' ? has(self.uprobe) : !has(self.uprobe)",message="uprobe configuration is required when type is uprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UretProbe' ? has(self.uretprobe) : !has(self.uretprobe)",message="uretprobe configuration is required when type is uretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TracePoint' ? has(self.tracepoint) : !has(self.tracepoint)",message="tracepoint configuration is required when type is tracepoint, and forbidden otherwise" type ClBpfApplicationProgramState struct { BpfProgramStateCommon `json:",inline"` // type specifies the bpf program type @@ -43,55 +43,55 @@ type ClBpfApplicationProgramState struct { Type EBPFProgType `json:"type"` - // xdpInfo defines the desired state of the application's XdpPrograms. + // xdp defines the desired state of the application's XdpPrograms. // +unionMember // +optional - XDPInfo *ClXdpProgramInfoState `json:"xdpInfo,omitempty"` + XDP *ClXdpProgramInfoState `json:"xdp,omitempty"` - // tcInfo defines the desired state of the application's TcPrograms. + // tc defines the desired state of the application's TcPrograms. // +unionMember // +optional - TCInfo *ClTcProgramInfoState `json:"tcInfo,omitempty"` + TC *ClTcProgramInfoState `json:"tc,omitempty"` - // tcxInfo defines the desired state of the application's TcxPrograms. + // tcx defines the desired state of the application's TcxPrograms. // +unionMember // +optional - TCXInfo *ClTcxProgramInfoState `json:"tcxInfo,omitempty"` + TCX *ClTcxProgramInfoState `json:"tcx,omitempty"` - // fentryInfo defines the desired state of the application's FentryPrograms. + // fentry defines the desired state of the application's FentryPrograms. // +unionMember // +optional - FentryInfo *ClFentryProgramInfoState `json:"fentryInfo,omitempty"` + Fentry *ClFentryProgramInfoState `json:"fentry,omitempty"` - // fexitInfo defines the desired state of the application's FexitPrograms. + // fexit defines the desired state of the application's FexitPrograms. // +unionMember // +optional - FexitInfo *ClFexitProgramInfoState `json:"fexitInfo,omitempty"` + Fexit *ClFexitProgramInfoState `json:"fexit,omitempty"` - // kprobeInfo defines the desired state of the application's KprobePrograms. + // kprobe defines the desired state of the application's KprobePrograms. // +unionMember // +optional - KprobeInfo *ClKprobeProgramInfoState `json:"kprobeInfo,omitempty"` + Kprobe *ClKprobeProgramInfoState `json:"kprobe,omitempty"` - // kretprobeInfo defines the desired state of the application's KprobePrograms. + // kretprobe defines the desired state of the application's KprobePrograms. // +unionMember // +optional - KretprobeInfo *ClKprobeProgramInfoState `json:"kretprobeInfo,omitempty"` + Kretprobe *ClKretprobeProgramInfoState `json:"kretprobe,omitempty"` - // uprobeInfo defines the desired state of the application's UprobePrograms. + // uprobe defines the desired state of the application's UprobePrograms. // +unionMember // +optional - UprobeInfo *ClUprobeProgramInfoState `json:"uprobeInfo,omitempty"` + Uprobe *ClUprobeProgramInfoState `json:"uprobe,omitempty"` - // uretprobeInfo defines the desired state of the application's UretprobePrograms. + // uretprobe defines the desired state of the application's UretprobePrograms. // +unionMember // +optional - UretprobeInfo *ClUprobeProgramInfoState `json:"uretprobeInfo,omitempty"` + Uretprobe *ClUprobeProgramInfoState `json:"uretprobe,omitempty"` - // tracepointInfo defines the desired state of the application's TracepointPrograms. + // tracepoint defines the desired state of the application's TracepointPrograms. // +unionMember // +optional - TracepointInfo *ClTracepointProgramInfoState `json:"tracepointInfo,omitempty"` + Tracepoint *ClTracepointProgramInfoState `json:"tracepoint,omitempty"` } // BpfApplicationSpec defines the desired state of BpfApplication diff --git a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go index 8048a0637a7..e9bdb91c53c 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go @@ -57,16 +57,16 @@ const ( // ClBpfApplicationProgram defines the desired state of BpfApplication // +union -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'XDP' ? has(self.xdpInfo) : !has(self.xdpInfo)",message="xdpInfo configuration is required when type is xdp, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TC' ? has(self.tcInfo) : !has(self.tcInfo)",message="tcInfo configuration is required when type is tc, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TCX' ? has(self.tcxInfo) : !has(self.tcxInfo)",message="tcxInfo configuration is required when type is tcx, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Fentry' ? has(self.fentryInfo) : !has(self.fentryInfo)",message="fentryInfo configuration is required when type is fentry, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Fexit' ? has(self.fexitInfo) : !has(self.fexitInfo)",message="fexitInfo configuration is required when type is fexit, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Kprobe' ? has(self.kprobeInfo) : !has(self.kprobeInfo)",message="kprobeInfo configuration is required when type is kprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'KretProbe' ? has(self.kretprobeInfo) : !has(self.kretprobeInfo)",message="kretprobeInfo configuration is required when type is kretprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uprobe' ? has(self.uprobeInfo) : !has(self.uprobeInfo)",message="uprobeInfo configuration is required when type is uprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UretProbe' ? has(self.uretprobeInfo) : !has(self.uretprobeInfo)",message="uretprobeInfo configuration is required when type is uretprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TracePoint' ? has(self.tracepointInfo) : !has(self.tracepointInfo)",message="tracepointInfo configuration is required when type is tracepoint, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'XDP' ? has(self.xdp) : !has(self.xdp)",message="xdp configuration is required when type is xdp, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TC' ? has(self.tc) : !has(self.tc)",message="tc configuration is required when type is tc, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TCX' ? has(self.tcx) : !has(self.tcx)",message="tcx configuration is required when type is tcx, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Fentry' ? has(self.fentry) : !has(self.fentry)",message="fentry configuration is required when type is fentry, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Fexit' ? has(self.fexit) : !has(self.fexit)",message="fexit configuration is required when type is fexit, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Kprobe' ? has(self.kprobe) : !has(self.kprobe)",message="kprobe configuration is required when type is kprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'KretProbe' ? has(self.kretprobe) : !has(self.kretprobe)",message="kretprobe configuration is required when type is kretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uprobe' ? has(self.uprobe) : !has(self.uprobe)",message="uprobe configuration is required when type is uprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UretProbe' ? has(self.uretprobe) : !has(self.uretprobe)",message="uretprobe configuration is required when type is uretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TracePoint' ? has(self.tracepoint) : !has(self.tracepoint)",message="tracepoint configuration is required when type is tracepoint, and forbidden otherwise" type ClBpfApplicationProgram struct { // name is the name of the function that is the entry point for the BPF // program @@ -78,55 +78,55 @@ type ClBpfApplicationProgram struct { // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"Fentry";"Fexit";"Kprobe";"KretProbe";"Uprobe";"UretProbe";"TracePoint" Type EBPFProgType `json:"type"` - // xdpInfo defines the desired state of the application's XdpPrograms. + // xdp defines the desired state of the application's XdpPrograms. // +unionMember // +optional - XDPInfo *ClXdpProgramInfo `json:"xdpInfo,omitempty"` + XDP *ClXdpProgramInfo `json:"xdp,omitempty"` - // tcInfo defines the desired state of the application's TcPrograms. + // tc defines the desired state of the application's TcPrograms. // +unionMember // +optional - TCInfo *ClTcProgramInfo `json:"tcInfo,omitempty"` + TC *ClTcProgramInfo `json:"tc,omitempty"` - // tcxInfo defines the desired state of the application's TcxPrograms. + // tcx defines the desired state of the application's TcxPrograms. // +unionMember // +optional - TCXInfo *ClTcxProgramInfo `json:"tcxInfo,omitempty"` + TCX *ClTcxProgramInfo `json:"tcx,omitempty"` - // fentryInfo defines the desired state of the application's FentryPrograms. + // fentry defines the desired state of the application's FentryPrograms. // +unionMember // +optional - FentryInfo *ClFentryProgramInfo `json:"fentryInfo,omitempty"` + Fentry *ClFentryProgramInfo `json:"fentry,omitempty"` - // fexitInfo defines the desired state of the application's FexitPrograms. + // fexit defines the desired state of the application's FexitPrograms. // +unionMember // +optional - FexitInfo *ClFexitProgramInfo `json:"fexitInfo,omitempty"` + Fexit *ClFexitProgramInfo `json:"fexit,omitempty"` - // kprobeInfo defines the desired state of the application's KprobePrograms. + // kprobe defines the desired state of the application's KprobePrograms. // +unionMember // +optional - KprobeInfo *ClKprobeProgramInfo `json:"kprobeInfo,omitempty"` + Kprobe *ClKprobeProgramInfo `json:"kprobe,omitempty"` - // kretprobeInfo defines the desired state of the application's KretprobePrograms. + // kretprobe defines the desired state of the application's KretprobePrograms. // +unionMember // +optional - KretprobeInfo *ClKprobeProgramInfo `json:"kretprobeInfo,omitempty"` + Kretprobe *ClKretprobeProgramInfo `json:"kretprobe,omitempty"` - // uprobeInfo defines the desired state of the application's UprobePrograms. + // uprobe defines the desired state of the application's UprobePrograms. // +unionMember // +optional - UprobeInfo *ClUprobeProgramInfo `json:"uprobeInfo,omitempty"` + Uprobe *ClUprobeProgramInfo `json:"uprobe,omitempty"` // uretprobeInfo defines the desired state of the application's UretprobePrograms. // +unionMember // +optional - UretprobeInfo *ClUprobeProgramInfo `json:"uretprobeInfo,omitempty"` + Uretprobe *ClUprobeProgramInfo `json:"uretprobe,omitempty"` // tracepointInfo defines the desired state of the application's TracepointPrograms. // +unionMember // +optional - TracepointInfo *ClTracepointProgramInfo `json:"tracepointInfo,omitempty"` + Tracepoint *ClTracepointProgramInfo `json:"tracepoint,omitempty"` } // ClBpfApplicationSpec defines the desired state of BpfApplication diff --git a/bpfman-operator/apis/v1alpha1/cluster_kretprobe_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_kretprobe_program_types.go new file mode 100644 index 00000000000..7dc6640565d --- /dev/null +++ b/bpfman-operator/apis/v1alpha1/cluster_kretprobe_program_types.go @@ -0,0 +1,50 @@ +/* +Copyright 2023 The bpfman Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +package v1alpha1 + +// ClKprobeProgramInfo contains the information for the kprobe program +type ClKretprobeProgramInfo struct { + // The list of points to which the program should be attached. The list items + // are optional and may be udated after the bpf program has been loaded + // +optional + // +kubebuilder:default:={} + Links []ClKretprobeAttachInfo `json:"links"` +} + +type ClKretprobeAttachInfo struct { + // function to attach the kprobe to. + Function string `json:"function"` +} + +type ClKretprobeProgramInfoState struct { + // List of attach points for the BPF program on the given node. Each entry + // in *AttachInfoState represents a specific, unique attach point that is + // derived from *AttachInfo by fully expanding any selectors. Each entry + // also contains information about the attach point required by the + // reconciler + // +optional + // +kubebuilder:default:={} + Links []ClKretprobeAttachInfoState `json:"links"` +} + +type ClKretprobeAttachInfoState struct { + AttachInfoStateCommon `json:",inline"` + + // Function to attach the kprobe to. + Function string `json:"function"` +} diff --git a/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go index a7fce4e64ad..1509572913f 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go @@ -40,7 +40,7 @@ type ClTcAttachInfo struct { // direction specifies the direction of traffic the tc program should // attach to for a given network device. - // +kubebuilder:validation:Enum=ingress;egress + // +kubebuilder:validation:Enum=Ingress;Egress Direction string `json:"direction"` // priority specifies the priority of the tc program in relation to @@ -81,7 +81,7 @@ type ClTcAttachInfoState struct { // direction specifies the direction of traffic the tc program should // attach to for a given network device. - // +kubebuilder:validation:Enum=ingress;egress + // +kubebuilder:validation:Enum=Ingress;Egress Direction string `json:"direction"` // priority specifies the priority of the tc program in relation to diff --git a/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go index bf18bb57bfc..ddecf114212 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go @@ -38,7 +38,7 @@ type ClTcxAttachInfo struct { // direction specifies the direction of traffic the tcx program should // attach to for a given network device. - // +kubebuilder:validation:Enum=ingress;egress + // +kubebuilder:validation:Enum=Ingress;Egress Direction string `json:"direction"` // priority specifies the priority of the tcx program in relation to @@ -72,7 +72,7 @@ type ClTcxAttachInfoState struct { // direction specifies the direction of traffic the tcx program should // attach to for a given network device. - // +kubebuilder:validation:Enum=ingress;egress + // +kubebuilder:validation:Enum=Ingress;Egress Direction string `json:"direction"` // priority specifies the priority of the tcx program in relation to diff --git a/bpfman-operator/apis/v1alpha1/tc_program_types.go b/bpfman-operator/apis/v1alpha1/tc_program_types.go index 49ed86e0540..53e800f1df5 100644 --- a/bpfman-operator/apis/v1alpha1/tc_program_types.go +++ b/bpfman-operator/apis/v1alpha1/tc_program_types.go @@ -36,7 +36,7 @@ type TcAttachInfo struct { // direction specifies the direction of traffic the tc program should // attach to for a given network device. - // +kubebuilder:validation:Enum=ingress;egress + // +kubebuilder:validation:Enum=Ingress;Egress Direction string `json:"direction"` // priority specifies the priority of the tc program in relation to @@ -76,7 +76,7 @@ type TcAttachInfoState struct { // direction specifies the direction of traffic the tc program should // attach to for a given network device. - // +kubebuilder:validation:Enum=ingress;egress + // +kubebuilder:validation:Enum=Ingress;Egress Direction string `json:"direction"` // priority specifies the priority of the tc program in relation to diff --git a/bpfman-operator/apis/v1alpha1/tcx_program_types.go b/bpfman-operator/apis/v1alpha1/tcx_program_types.go index b4696b9079d..2b372070616 100644 --- a/bpfman-operator/apis/v1alpha1/tcx_program_types.go +++ b/bpfman-operator/apis/v1alpha1/tcx_program_types.go @@ -36,7 +36,7 @@ type TcxAttachInfo struct { // direction specifies the direction of traffic the tcx program should // attach to for a given network device. - // +kubebuilder:validation:Enum=ingress;egress + // +kubebuilder:validation:Enum=Ingress;Egress Direction string `json:"direction"` // priority specifies the priority of the tcx program in relation to @@ -69,7 +69,7 @@ type TcxAttachInfoState struct { // direction specifies the direction of traffic the tcx program should // attach to for a given network device. - // +kubebuilder:validation:Enum=ingress;egress + // +kubebuilder:validation:Enum=Ingress;Egress Direction string `json:"direction"` // priority specifies the priority of the tcx program in relation to diff --git a/bpfman-operator/apis/v1alpha1/zz_generated.deepcopy.go b/bpfman-operator/apis/v1alpha1/zz_generated.deepcopy.go index 788869da38e..264d4c72ada 100644 --- a/bpfman-operator/apis/v1alpha1/zz_generated.deepcopy.go +++ b/bpfman-operator/apis/v1alpha1/zz_generated.deepcopy.go @@ -167,28 +167,28 @@ func (in *BpfApplicationList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BpfApplicationProgram) DeepCopyInto(out *BpfApplicationProgram) { *out = *in - if in.XDPInfo != nil { - in, out := &in.XDPInfo, &out.XDPInfo + if in.XDP != nil { + in, out := &in.XDP, &out.XDP *out = new(XdpProgramInfo) (*in).DeepCopyInto(*out) } - if in.TCInfo != nil { - in, out := &in.TCInfo, &out.TCInfo + if in.TC != nil { + in, out := &in.TC, &out.TC *out = new(TcProgramInfo) (*in).DeepCopyInto(*out) } - if in.TCXInfo != nil { - in, out := &in.TCXInfo, &out.TCXInfo + if in.TCX != nil { + in, out := &in.TCX, &out.TCX *out = new(TcxProgramInfo) (*in).DeepCopyInto(*out) } - if in.UprobeInfo != nil { - in, out := &in.UprobeInfo, &out.UprobeInfo + if in.Uprobe != nil { + in, out := &in.Uprobe, &out.Uprobe *out = new(UprobeProgramInfo) (*in).DeepCopyInto(*out) } - if in.UretprobeInfo != nil { - in, out := &in.UretprobeInfo, &out.UretprobeInfo + if in.Uretprobe != nil { + in, out := &in.Uretprobe, &out.Uretprobe *out = new(UprobeProgramInfo) (*in).DeepCopyInto(*out) } @@ -208,28 +208,28 @@ func (in *BpfApplicationProgram) DeepCopy() *BpfApplicationProgram { func (in *BpfApplicationProgramState) DeepCopyInto(out *BpfApplicationProgramState) { *out = *in in.BpfProgramStateCommon.DeepCopyInto(&out.BpfProgramStateCommon) - if in.XDPInfo != nil { - in, out := &in.XDPInfo, &out.XDPInfo + if in.XDP != nil { + in, out := &in.XDP, &out.XDP *out = new(XdpProgramInfoState) (*in).DeepCopyInto(*out) } - if in.TCInfo != nil { - in, out := &in.TCInfo, &out.TCInfo + if in.TC != nil { + in, out := &in.TC, &out.TC *out = new(TcProgramInfoState) (*in).DeepCopyInto(*out) } - if in.TCXInfo != nil { - in, out := &in.TCXInfo, &out.TCXInfo + if in.TCX != nil { + in, out := &in.TCX, &out.TCX *out = new(TcxProgramInfoState) (*in).DeepCopyInto(*out) } - if in.UprobeInfo != nil { - in, out := &in.UprobeInfo, &out.UprobeInfo + if in.Uprobe != nil { + in, out := &in.Uprobe, &out.Uprobe *out = new(UprobeProgramInfoState) (*in).DeepCopyInto(*out) } - if in.UretprobeInfo != nil { - in, out := &in.UretprobeInfo, &out.UretprobeInfo + if in.Uretprobe != nil { + in, out := &in.Uretprobe, &out.Uretprobe *out = new(UprobeProgramInfoState) (*in).DeepCopyInto(*out) } @@ -417,53 +417,53 @@ func (in *ByteCodeSelector) DeepCopy() *ByteCodeSelector { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClBpfApplicationProgram) DeepCopyInto(out *ClBpfApplicationProgram) { *out = *in - if in.XDPInfo != nil { - in, out := &in.XDPInfo, &out.XDPInfo + if in.XDP != nil { + in, out := &in.XDP, &out.XDP *out = new(ClXdpProgramInfo) (*in).DeepCopyInto(*out) } - if in.TCInfo != nil { - in, out := &in.TCInfo, &out.TCInfo + if in.TC != nil { + in, out := &in.TC, &out.TC *out = new(ClTcProgramInfo) (*in).DeepCopyInto(*out) } - if in.TCXInfo != nil { - in, out := &in.TCXInfo, &out.TCXInfo + if in.TCX != nil { + in, out := &in.TCX, &out.TCX *out = new(ClTcxProgramInfo) (*in).DeepCopyInto(*out) } - if in.FentryInfo != nil { - in, out := &in.FentryInfo, &out.FentryInfo + if in.Fentry != nil { + in, out := &in.Fentry, &out.Fentry *out = new(ClFentryProgramInfo) (*in).DeepCopyInto(*out) } - if in.FexitInfo != nil { - in, out := &in.FexitInfo, &out.FexitInfo + if in.Fexit != nil { + in, out := &in.Fexit, &out.Fexit *out = new(ClFexitProgramInfo) (*in).DeepCopyInto(*out) } - if in.KprobeInfo != nil { - in, out := &in.KprobeInfo, &out.KprobeInfo + if in.Kprobe != nil { + in, out := &in.Kprobe, &out.Kprobe *out = new(ClKprobeProgramInfo) (*in).DeepCopyInto(*out) } - if in.KretprobeInfo != nil { - in, out := &in.KretprobeInfo, &out.KretprobeInfo - *out = new(ClKprobeProgramInfo) + if in.Kretprobe != nil { + in, out := &in.Kretprobe, &out.Kretprobe + *out = new(ClKretprobeProgramInfo) (*in).DeepCopyInto(*out) } - if in.UprobeInfo != nil { - in, out := &in.UprobeInfo, &out.UprobeInfo + if in.Uprobe != nil { + in, out := &in.Uprobe, &out.Uprobe *out = new(ClUprobeProgramInfo) (*in).DeepCopyInto(*out) } - if in.UretprobeInfo != nil { - in, out := &in.UretprobeInfo, &out.UretprobeInfo + if in.Uretprobe != nil { + in, out := &in.Uretprobe, &out.Uretprobe *out = new(ClUprobeProgramInfo) (*in).DeepCopyInto(*out) } - if in.TracepointInfo != nil { - in, out := &in.TracepointInfo, &out.TracepointInfo + if in.Tracepoint != nil { + in, out := &in.Tracepoint, &out.Tracepoint *out = new(ClTracepointProgramInfo) (*in).DeepCopyInto(*out) } @@ -483,53 +483,53 @@ func (in *ClBpfApplicationProgram) DeepCopy() *ClBpfApplicationProgram { func (in *ClBpfApplicationProgramState) DeepCopyInto(out *ClBpfApplicationProgramState) { *out = *in in.BpfProgramStateCommon.DeepCopyInto(&out.BpfProgramStateCommon) - if in.XDPInfo != nil { - in, out := &in.XDPInfo, &out.XDPInfo + if in.XDP != nil { + in, out := &in.XDP, &out.XDP *out = new(ClXdpProgramInfoState) (*in).DeepCopyInto(*out) } - if in.TCInfo != nil { - in, out := &in.TCInfo, &out.TCInfo + if in.TC != nil { + in, out := &in.TC, &out.TC *out = new(ClTcProgramInfoState) (*in).DeepCopyInto(*out) } - if in.TCXInfo != nil { - in, out := &in.TCXInfo, &out.TCXInfo + if in.TCX != nil { + in, out := &in.TCX, &out.TCX *out = new(ClTcxProgramInfoState) (*in).DeepCopyInto(*out) } - if in.FentryInfo != nil { - in, out := &in.FentryInfo, &out.FentryInfo + if in.Fentry != nil { + in, out := &in.Fentry, &out.Fentry *out = new(ClFentryProgramInfoState) (*in).DeepCopyInto(*out) } - if in.FexitInfo != nil { - in, out := &in.FexitInfo, &out.FexitInfo + if in.Fexit != nil { + in, out := &in.Fexit, &out.Fexit *out = new(ClFexitProgramInfoState) (*in).DeepCopyInto(*out) } - if in.KprobeInfo != nil { - in, out := &in.KprobeInfo, &out.KprobeInfo + if in.Kprobe != nil { + in, out := &in.Kprobe, &out.Kprobe *out = new(ClKprobeProgramInfoState) (*in).DeepCopyInto(*out) } - if in.KretprobeInfo != nil { - in, out := &in.KretprobeInfo, &out.KretprobeInfo - *out = new(ClKprobeProgramInfoState) + if in.Kretprobe != nil { + in, out := &in.Kretprobe, &out.Kretprobe + *out = new(ClKretprobeProgramInfoState) (*in).DeepCopyInto(*out) } - if in.UprobeInfo != nil { - in, out := &in.UprobeInfo, &out.UprobeInfo + if in.Uprobe != nil { + in, out := &in.Uprobe, &out.Uprobe *out = new(ClUprobeProgramInfoState) (*in).DeepCopyInto(*out) } - if in.UretprobeInfo != nil { - in, out := &in.UretprobeInfo, &out.UretprobeInfo + if in.Uretprobe != nil { + in, out := &in.Uretprobe, &out.Uretprobe *out = new(ClUprobeProgramInfoState) (*in).DeepCopyInto(*out) } - if in.TracepointInfo != nil { - in, out := &in.TracepointInfo, &out.TracepointInfo + if in.Tracepoint != nil { + in, out := &in.Tracepoint, &out.Tracepoint *out = new(ClTracepointProgramInfoState) (*in).DeepCopyInto(*out) } @@ -868,6 +868,79 @@ func (in *ClKprobeProgramInfoState) DeepCopy() *ClKprobeProgramInfoState { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClKretprobeAttachInfo) DeepCopyInto(out *ClKretprobeAttachInfo) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClKretprobeAttachInfo. +func (in *ClKretprobeAttachInfo) DeepCopy() *ClKretprobeAttachInfo { + if in == nil { + return nil + } + out := new(ClKretprobeAttachInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClKretprobeAttachInfoState) DeepCopyInto(out *ClKretprobeAttachInfoState) { + *out = *in + in.AttachInfoStateCommon.DeepCopyInto(&out.AttachInfoStateCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClKretprobeAttachInfoState. +func (in *ClKretprobeAttachInfoState) DeepCopy() *ClKretprobeAttachInfoState { + if in == nil { + return nil + } + out := new(ClKretprobeAttachInfoState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClKretprobeProgramInfo) DeepCopyInto(out *ClKretprobeProgramInfo) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]ClKretprobeAttachInfo, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClKretprobeProgramInfo. +func (in *ClKretprobeProgramInfo) DeepCopy() *ClKretprobeProgramInfo { + if in == nil { + return nil + } + out := new(ClKretprobeProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClKretprobeProgramInfoState) DeepCopyInto(out *ClKretprobeProgramInfoState) { + *out = *in + if in.Links != nil { + in, out := &in.Links, &out.Links + *out = make([]ClKretprobeAttachInfoState, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClKretprobeProgramInfoState. +func (in *ClKretprobeProgramInfoState) DeepCopy() *ClKretprobeProgramInfoState { + if in == nil { + return nil + } + out := new(ClKretprobeProgramInfoState) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClTcAttachInfo) DeepCopyInto(out *ClTcAttachInfo) { *out = *in From 88663fdc6906e44c6ad05ac36493698e088cbc75 Mon Sep 17 00:00:00 2001 From: Mohamed Mahmoud Date: Thu, 13 Mar 2025 08:13:22 -0400 Subject: [PATCH 06/15] use enum for direction change back proceedOn validation and more address more comments Signed-off-by: Mohamed Mahmoud --- .../v1alpha1/bpf_application_state_types.go | 8 +-- .../apis/v1alpha1/bpf_application_types.go | 10 +-- .../cluster_bpf_application_state_types.go | 28 ++++---- .../v1alpha1/cluster_bpf_application_types.go | 55 +++++++------- .../apis/v1alpha1/cluster_tc_program_types.go | 16 ++--- .../v1alpha1/cluster_tcx_program_types.go | 12 ++-- .../v1alpha1/cluster_xdp_program_types.go | 4 +- .../apis/v1alpha1/tc_program_types.go | 16 ++--- .../apis/v1alpha1/tcx_program_types.go | 12 ++-- .../apis/v1alpha1/xdp_program_types.go | 3 +- .../apis/v1alpha1/zz_generated.deepcopy.go | 72 +++++++++---------- 11 files changed, 121 insertions(+), 115 deletions(-) diff --git a/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go b/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go index 23bd48e1de4..f277bf3c7f8 100644 --- a/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go +++ b/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go @@ -27,8 +27,8 @@ import ( // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'XDP' ? has(self.xdp) : !has(self.xdp)",message="xdp configuration is required when type is xdp, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TC' ? has(self.tc) : !has(self.tc)",message="tc configuration is required when type is tc, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TCX' ? has(self.tcx) : !has(self.tcx)",message="tcx configuration is required when type is TCX, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uprobe' ? has(self.uprobe) : !has(self.uprobe)",message="uprobe configuration is required when type is uprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UretProbe' ? has(self.uretprobe) : !has(self.upretrobe)",message="uretprobe configuration is required when type is uretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UProbe' ? has(self.uprobe) : !has(self.uprobe)",message="uprobe configuration is required when type is uprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'URetProbe' ? has(self.uretprobe) : !has(self.uretprobe)",message="uretprobe configuration is required when type is uretprobe, and forbidden otherwise" type BpfApplicationProgramState struct { BpfProgramStateCommon `json:",inline"` @@ -56,12 +56,12 @@ type BpfApplicationProgramState struct { // uprobe defines the desired state of the application's UprobePrograms. // +unionMember // +optional - Uprobe *UprobeProgramInfoState `json:"uprobe,omitempty"` + UProbe *UprobeProgramInfoState `json:"uprobe,omitempty"` // uretprobe defines the desired state of the application's UretprobePrograms. // +unionMember // +optional - Uretprobe *UprobeProgramInfoState `json:"uretprobe,omitempty"` + URetProbe *UprobeProgramInfoState `json:"uretprobe,omitempty"` } // BpfApplicationSpec defines the desired state of BpfApplication diff --git a/bpfman-operator/apis/v1alpha1/bpf_application_types.go b/bpfman-operator/apis/v1alpha1/bpf_application_types.go index 5c2aed3a314..c734a3c02ab 100644 --- a/bpfman-operator/apis/v1alpha1/bpf_application_types.go +++ b/bpfman-operator/apis/v1alpha1/bpf_application_types.go @@ -24,9 +24,9 @@ import ( // +union // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'XDP' ? has(self.xdp) : !has(self.xdp)",message="xdp configuration is required when type is xdp, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TC' ? has(self.tc) : !has(self.tc)",message="tc configuration is required when type is tc, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TCX' ? has(self.tcx) : !has(self.tcx)",message="tcx configuration is required when type is tcx, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uprobe' ? has(self.uprobe) : !has(self.uprobe)",message="uprobe configuration is required when type is uprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UretProbe' ? has(self.uretprobe) : !has(self.upretrobe)",message="uretprobe configuration is required when type is uretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TCX' ? has(self.tcx) : !has(self.tcx)",message="tcx configuration is required when type is TCX, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UProbe' ? has(self.uprobe) : !has(self.uprobe)",message="uprobe configuration is required when type is uprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'URetProbe' ? has(self.uretprobe) : !has(self.uretprobe)",message="uretprobe configuration is required when type is uretprobe, and forbidden otherwise" type BpfApplicationProgram struct { // name is the name of the function that is the entry point for the BPF // program @@ -56,12 +56,12 @@ type BpfApplicationProgram struct { // uprobe defines the desired state of the application's UprobePrograms. // +unionMember // +optional - Uprobe *UprobeProgramInfo `json:"uprobe,omitempty"` + UProbe *UprobeProgramInfo `json:"uprobe,omitempty"` // uretprobe defines the desired state of the application's UretprobePrograms. // +unionMember // +optional - Uretprobe *UprobeProgramInfo `json:"uretprobe,omitempty"` + URetProbe *UprobeProgramInfo `json:"uretprobe,omitempty"` } // BpfApplicationSpec defines the desired state of BpfApplication diff --git a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go index e18e16eec93..531dfafa0ec 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go @@ -27,19 +27,19 @@ import ( // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'XDP' ? has(self.xdp) : !has(self.xdp)",message="xdp configuration is required when type is xdp, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TC' ? has(self.tc) : !has(self.tc)",message="tc configuration is required when type is tc, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TCX' ? has(self.tcx) : !has(self.tcx)",message="tcx configuration is required when type is tcx, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Fentry' ? has(self.fentry) : !has(self.fentry)",message="fentry configuration is required when type is fentry, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Fexit' ? has(self.fexit) : !has(self.fexit)",message="fexit configuration is required when type is fexit, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Kprobe' ? has(self.kprobe) : !has(self.kprobe)",message="kprobe configuration is required when type is kprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'KretProbe' ? has(self.kretprobe) : !has(self.kretprobe)",message="kretprobe configuration is required when type is kretprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uprobe' ? has(self.uprobe) : !has(self.uprobe)",message="uprobe configuration is required when type is uprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UretProbe' ? has(self.uretprobe) : !has(self.uretprobe)",message="uretprobe configuration is required when type is uretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'FEntry' ? has(self.fentry) : !has(self.fentry)",message="fentry configuration is required when type is fentry, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'FExit' ? has(self.fexit) : !has(self.fexit)",message="fexit configuration is required when type is fexit, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'KProbe' ? has(self.kprobe) : !has(self.kprobe)",message="kprobe configuration is required when type is kprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'KRetProbe' ? has(self.kretprobe) : !has(self.kretprobe)",message="kretprobe configuration is required when type is kretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UProbe' ? has(self.uprobe) : !has(self.uprobe)",message="uprobe configuration is required when type is uprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'URetProbe' ? has(self.uretprobe) : !has(self.uretprobe)",message="uretprobe configuration is required when type is uretprobe, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TracePoint' ? has(self.tracepoint) : !has(self.tracepoint)",message="tracepoint configuration is required when type is tracepoint, and forbidden otherwise" type ClBpfApplicationProgramState struct { BpfProgramStateCommon `json:",inline"` // type specifies the bpf program type // +unionDiscriminator // +required - // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"Fentry";"Fexit";"Kprobe";"KretProbe";"Uprobe";"UretProbe";"TracePoint" + // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"FEntry";"FExit";"KProbe";"KRetProbe";"UProbe";"URetProbe";"TracePoint" Type EBPFProgType `json:"type"` @@ -61,37 +61,37 @@ type ClBpfApplicationProgramState struct { // fentry defines the desired state of the application's FentryPrograms. // +unionMember // +optional - Fentry *ClFentryProgramInfoState `json:"fentry,omitempty"` + FEntry *ClFentryProgramInfoState `json:"fentry,omitempty"` // fexit defines the desired state of the application's FexitPrograms. // +unionMember // +optional - Fexit *ClFexitProgramInfoState `json:"fexit,omitempty"` + FExit *ClFexitProgramInfoState `json:"fexit,omitempty"` // kprobe defines the desired state of the application's KprobePrograms. // +unionMember // +optional - Kprobe *ClKprobeProgramInfoState `json:"kprobe,omitempty"` + KProbe *ClKprobeProgramInfoState `json:"kprobe,omitempty"` // kretprobe defines the desired state of the application's KprobePrograms. // +unionMember // +optional - Kretprobe *ClKretprobeProgramInfoState `json:"kretprobe,omitempty"` + KRetProbe *ClKretprobeProgramInfoState `json:"kretprobe,omitempty"` // uprobe defines the desired state of the application's UprobePrograms. // +unionMember // +optional - Uprobe *ClUprobeProgramInfoState `json:"uprobe,omitempty"` + UProbe *ClUprobeProgramInfoState `json:"uprobe,omitempty"` // uretprobe defines the desired state of the application's UretprobePrograms. // +unionMember // +optional - Uretprobe *ClUprobeProgramInfoState `json:"uretprobe,omitempty"` + URetProbe *ClUprobeProgramInfoState `json:"uretprobe,omitempty"` // tracepoint defines the desired state of the application's TracepointPrograms. // +unionMember // +optional - Tracepoint *ClTracepointProgramInfoState `json:"tracepoint,omitempty"` + TracePoint *ClTracepointProgramInfoState `json:"tracepoint,omitempty"` } // BpfApplicationSpec defines the desired state of BpfApplication diff --git a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go index e9bdb91c53c..535ddba1d41 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go @@ -25,34 +25,41 @@ type EBPFProgType string const ( // ProgTypeXDP refers to the XDP program type. - ProgTypeXDP EBPFProgType = "xdp" + ProgTypeXDP EBPFProgType = "XDP" // ProgTypeTC refers to the TC program type. - ProgTypeTC EBPFProgType = "tc" + ProgTypeTC EBPFProgType = "TC" // ProgTypeTCX refers to the TCX program type. - ProgTypeTCX EBPFProgType = "tcx" + ProgTypeTCX EBPFProgType = "TCX" // ProgTypeFentry refers to the Fentry program type. - ProgTypeFentry EBPFProgType = "fentry" + ProgTypeFentry EBPFProgType = "FEntry" // ProgTypeFexit refers to the Fexit program type. - ProgTypeFexit EBPFProgType = "fexit" + ProgTypeFexit EBPFProgType = "FExit" // ProgTypeKprobe refers to the Kprobe program type. - ProgTypeKprobe EBPFProgType = "kprobe" + ProgTypeKprobe EBPFProgType = "KProbe" // ProgTypeKretprobe refers to the Kretprobe program type. - ProgTypeKretprobe EBPFProgType = "kretprobe" + ProgTypeKretprobe EBPFProgType = "KRetProbe" // ProgTypeUprobe refers to the Uprobe program type. - ProgTypeUprobe EBPFProgType = "uprobe" + ProgTypeUprobe EBPFProgType = "UProbe" // ProgTypeUretprobe refers to the Uretprobe program type. - ProgTypeUretprobe EBPFProgType = "uretprobe" + ProgTypeUretprobe EBPFProgType = "URetProbe" // ProgTypeTracepoint refers to the Tracepoint program type. - ProgTypeTracepoint EBPFProgType = "tracepoint" + ProgTypeTracepoint EBPFProgType = "TracePoint" +) + +type TCDirectionType string + +const ( + TCIngress TCDirectionType = "ingress" + TCEgress TCDirectionType = "egress" ) // ClBpfApplicationProgram defines the desired state of BpfApplication @@ -60,12 +67,12 @@ const ( // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'XDP' ? has(self.xdp) : !has(self.xdp)",message="xdp configuration is required when type is xdp, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TC' ? has(self.tc) : !has(self.tc)",message="tc configuration is required when type is tc, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TCX' ? has(self.tcx) : !has(self.tcx)",message="tcx configuration is required when type is tcx, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Fentry' ? has(self.fentry) : !has(self.fentry)",message="fentry configuration is required when type is fentry, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Fexit' ? has(self.fexit) : !has(self.fexit)",message="fexit configuration is required when type is fexit, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Kprobe' ? has(self.kprobe) : !has(self.kprobe)",message="kprobe configuration is required when type is kprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'KretProbe' ? has(self.kretprobe) : !has(self.kretprobe)",message="kretprobe configuration is required when type is kretprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uprobe' ? has(self.uprobe) : !has(self.uprobe)",message="uprobe configuration is required when type is uprobe, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UretProbe' ? has(self.uretprobe) : !has(self.uretprobe)",message="uretprobe configuration is required when type is uretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'FEntry' ? has(self.fentry) : !has(self.fentry)",message="fentry configuration is required when type is fentry, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'FExit' ? has(self.fexit) : !has(self.fexit)",message="fexit configuration is required when type is fexit, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'KProbe' ? has(self.kprobe) : !has(self.kprobe)",message="kprobe configuration is required when type is kprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'KRetProbe' ? has(self.kretprobe) : !has(self.kretprobe)",message="kretprobe configuration is required when type is kretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UProbe' ? has(self.uprobe) : !has(self.uprobe)",message="uprobe configuration is required when type is uprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'URetProbe' ? has(self.uretprobe) : !has(self.uretprobe)",message="uretprobe configuration is required when type is uretprobe, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TracePoint' ? has(self.tracepoint) : !has(self.tracepoint)",message="tracepoint configuration is required when type is tracepoint, and forbidden otherwise" type ClBpfApplicationProgram struct { // name is the name of the function that is the entry point for the BPF @@ -75,7 +82,7 @@ type ClBpfApplicationProgram struct { // type specifies the bpf program type // +unionDiscriminator // +required - // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"Fentry";"Fexit";"Kprobe";"KretProbe";"Uprobe";"UretProbe";"TracePoint" + // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"FEntry";"FExit";"KProbe";"KRetProbe";"UProbe";"URetProbe";"TracePoint" Type EBPFProgType `json:"type"` // xdp defines the desired state of the application's XdpPrograms. @@ -96,37 +103,37 @@ type ClBpfApplicationProgram struct { // fentry defines the desired state of the application's FentryPrograms. // +unionMember // +optional - Fentry *ClFentryProgramInfo `json:"fentry,omitempty"` + FEntry *ClFentryProgramInfo `json:"fentry,omitempty"` // fexit defines the desired state of the application's FexitPrograms. // +unionMember // +optional - Fexit *ClFexitProgramInfo `json:"fexit,omitempty"` + FExit *ClFexitProgramInfo `json:"fexit,omitempty"` // kprobe defines the desired state of the application's KprobePrograms. // +unionMember // +optional - Kprobe *ClKprobeProgramInfo `json:"kprobe,omitempty"` + KProbe *ClKprobeProgramInfo `json:"kprobe,omitempty"` // kretprobe defines the desired state of the application's KretprobePrograms. // +unionMember // +optional - Kretprobe *ClKretprobeProgramInfo `json:"kretprobe,omitempty"` + KRetProbe *ClKretprobeProgramInfo `json:"kretprobe,omitempty"` // uprobe defines the desired state of the application's UprobePrograms. // +unionMember // +optional - Uprobe *ClUprobeProgramInfo `json:"uprobe,omitempty"` + UProbe *ClUprobeProgramInfo `json:"uprobe,omitempty"` // uretprobeInfo defines the desired state of the application's UretprobePrograms. // +unionMember // +optional - Uretprobe *ClUprobeProgramInfo `json:"uretprobe,omitempty"` + URetProbe *ClUprobeProgramInfo `json:"uretprobe,omitempty"` // tracepointInfo defines the desired state of the application's TracepointPrograms. // +unionMember // +optional - Tracepoint *ClTracepointProgramInfo `json:"tracepoint,omitempty"` + TracePoint *ClTracepointProgramInfo `json:"tracepoint,omitempty"` } // ClBpfApplicationSpec defines the desired state of BpfApplication diff --git a/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go index 1509572913f..713f89b048e 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go @@ -40,8 +40,8 @@ type ClTcAttachInfo struct { // direction specifies the direction of traffic the tc program should // attach to for a given network device. - // +kubebuilder:validation:Enum=Ingress;Egress - Direction string `json:"direction"` + // +kubebuilder:validation:Enum=ingress;egress + Direction TCDirectionType `json:"direction"` // priority specifies the priority of the tc program in relation to // other programs of the same type with the same attach point. It is a value @@ -53,7 +53,7 @@ type ClTcAttachInfo struct { // proceedOn allows the user to call other tc programs in chain on this exit code. // Multiple values are supported by repeating the parameter. // +optional - // +kubebuilder:validation:Enum=unspec;ok;reclassify;shot;pipe;stolen;queued;repeat;redirect;trap;dispatcher_return; + // +kubebuilder:validation:MaxItems=11 // +kubebuilder:default:={pipe,dispatche_return} ProceedOn []TcProceedOnValue `json:"proceedOn"` } @@ -72,8 +72,8 @@ type ClTcProgramInfoState struct { type ClTcAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // ifname is the Interface name to attach the tc program to. - IfName string `json:"ifName"` + // interfaceName is the Interface name to attach the tc program to. + InterfaceName string `json:"interfaceName"` // Optional container pid to attach the tc program in. // +optional @@ -81,8 +81,8 @@ type ClTcAttachInfoState struct { // direction specifies the direction of traffic the tc program should // attach to for a given network device. - // +kubebuilder:validation:Enum=Ingress;Egress - Direction string `json:"direction"` + // +kubebuilder:validation:Enum=ingress;egress + Direction TCDirectionType `json:"direction"` // priority specifies the priority of the tc program in relation to // other programs of the same type with the same attach point. It is a value @@ -93,6 +93,6 @@ type ClTcAttachInfoState struct { // proceedOn allows the user to call other tc programs in chain on this exit code. // Multiple values are supported by repeating the parameter. - // +kubebuilder:validation:Enum=Unspec;Ok;Reclassify;Shot;Pipe;Stolen;Queued;Repeat;Redirect;Trap;DispatcherReturn; + // +kubebuilder:validation:MaxItems=11 ProceedOn []TcProceedOnValue `json:"proceedOn"` } diff --git a/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go index ddecf114212..34c64922fa5 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go @@ -38,8 +38,8 @@ type ClTcxAttachInfo struct { // direction specifies the direction of traffic the tcx program should // attach to for a given network device. - // +kubebuilder:validation:Enum=Ingress;Egress - Direction string `json:"direction"` + // +kubebuilder:validation:Enum=ingress;egress + Direction TCDirectionType `json:"direction"` // priority specifies the priority of the tcx program in relation to // other programs of the same type with the same attach point. It is a value @@ -63,8 +63,8 @@ type ClTcxProgramInfoState struct { type ClTcxAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // ifname is the interface name to attach the tcx program to. - IfName string `json:"ifName"` + // interfaceName is the Interface name to attach the tc program to. + InterfaceName string `json:"interfaceName"` // containerPid is the container pid to attach the tcx program in. // +optional @@ -72,8 +72,8 @@ type ClTcxAttachInfoState struct { // direction specifies the direction of traffic the tcx program should // attach to for a given network device. - // +kubebuilder:validation:Enum=Ingress;Egress - Direction string `json:"direction"` + // +kubebuilder:validation:Enum=ingress;egress + Direction TCDirectionType `json:"direction"` // priority specifies the priority of the tcx program in relation to // other programs of the same type with the same attach point. It is a value diff --git a/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go index fbe69ef2ebe..0087f12281c 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go @@ -49,7 +49,7 @@ type ClXdpAttachInfo struct { // proceedOn allows the user to call other xdp programs in chain on this exit code. // Multiple values are supported by repeating the parameter. // +optional - // +kubebuilder:validation:Enum=aborted;drop;pass;tx;redirect;dispatcher_return; + // +kubebuilder:validation:MaxItems=6 // +kubebuilder:default:={pass,dispatcher_return} ProceedOn []XdpProceedOnValue `json:"proceedOn"` } @@ -84,6 +84,6 @@ type ClXdpAttachInfoState struct { // proceedOn allows the user to call other xdp programs in chain on this exit code. // Multiple values are supported by repeating the parameter. - // +kubebuilder:validation:Enum=aborted;drop;pass;tx;redirect;dispatcher_return; + // +kubebuilder:validation:MaxItems=6 ProceedOn []XdpProceedOnValue `json:"proceedOn"` } diff --git a/bpfman-operator/apis/v1alpha1/tc_program_types.go b/bpfman-operator/apis/v1alpha1/tc_program_types.go index 53e800f1df5..8562b97649d 100644 --- a/bpfman-operator/apis/v1alpha1/tc_program_types.go +++ b/bpfman-operator/apis/v1alpha1/tc_program_types.go @@ -36,8 +36,8 @@ type TcAttachInfo struct { // direction specifies the direction of traffic the tc program should // attach to for a given network device. - // +kubebuilder:validation:Enum=Ingress;Egress - Direction string `json:"direction"` + // +kubebuilder:validation:Enum=ingress;egress + Direction TCDirectionType `json:"direction"` // priority specifies the priority of the tc program in relation to // other programs of the same type with the same attach point. It is a value @@ -49,7 +49,7 @@ type TcAttachInfo struct { // proceedOn allows the user to call other tc programs in chain on this exit code. // Multiple values are supported by repeating the parameter. // +optional - // +kubebuilder:validation:Enum=unspec;ok;reclassify;shot;pipe;stolen;queued;repeat;redirect;trap;dispatcher_return; + // +kubebuilder:validation:MaxItems=11 // +kubebuilder:default:={pipe,dispatcher_return} ProceedOn []TcProceedOnValue `json:"proceedOn"` } @@ -68,16 +68,16 @@ type TcProgramInfoState struct { type TcAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // ifName is the interface name to attach the tc program to. - IfName string `json:"ifName"` + // interfaceName is the Interface name to attach the tc program to. + InterfaceName string `json:"interfaceName"` // containerPid is the Container pid to attach the tc program in. ContainerPid int32 `json:"containerPid"` // direction specifies the direction of traffic the tc program should // attach to for a given network device. - // +kubebuilder:validation:Enum=Ingress;Egress - Direction string `json:"direction"` + // +kubebuilder:validation:Enum=ingress;egress + Direction TCDirectionType `json:"direction"` // priority specifies the priority of the tc program in relation to // other programs of the same type with the same attach point. It is a value @@ -88,6 +88,6 @@ type TcAttachInfoState struct { // proceedOn allows the user to call other tc programs in chain on this exit code. // Multiple values are supported by repeating the parameter. - // +kubebuilder:validation:Enum=unspec;ok;reclassify;shot;pipe;stolen;queued;repeat;redirect;trap;dispatcher_return; + // +kubebuilder:validation:MaxItems=11 ProceedOn []TcProceedOnValue `json:"proceedOn"` } diff --git a/bpfman-operator/apis/v1alpha1/tcx_program_types.go b/bpfman-operator/apis/v1alpha1/tcx_program_types.go index 2b372070616..08b2ee4d386 100644 --- a/bpfman-operator/apis/v1alpha1/tcx_program_types.go +++ b/bpfman-operator/apis/v1alpha1/tcx_program_types.go @@ -36,8 +36,8 @@ type TcxAttachInfo struct { // direction specifies the direction of traffic the tcx program should // attach to for a given network device. - // +kubebuilder:validation:Enum=Ingress;Egress - Direction string `json:"direction"` + // +kubebuilder:validation:Enum=ingress;egress + Direction TCDirectionType `json:"direction"` // priority specifies the priority of the tcx program in relation to // other programs of the same type with the same attach point. It is a value @@ -61,16 +61,16 @@ type TcxProgramInfoState struct { type TcxAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // ifName is the interface name to attach the tcx program to. - IfName string `json:"ifName"` + // interfaceName is the Interface name to attach the tc program to. + InterfaceName string `json:"interfaceName"` // containerPid is the container pid to attach the tcx program in. ContainerPid int32 `json:"containerPid"` // direction specifies the direction of traffic the tcx program should // attach to for a given network device. - // +kubebuilder:validation:Enum=Ingress;Egress - Direction string `json:"direction"` + // +kubebuilder:validation:Enum=ingress;egress + Direction TCDirectionType `json:"direction"` // priority specifies the priority of the tcx program in relation to // other programs of the same type with the same attach point. It is a value diff --git a/bpfman-operator/apis/v1alpha1/xdp_program_types.go b/bpfman-operator/apis/v1alpha1/xdp_program_types.go index 230ccd27bb7..899c42945a6 100644 --- a/bpfman-operator/apis/v1alpha1/xdp_program_types.go +++ b/bpfman-operator/apis/v1alpha1/xdp_program_types.go @@ -45,7 +45,6 @@ type XdpAttachInfo struct { // Multiple values are supported by repeating the parameter. // +optional // +kubebuilder:validation:MaxItems=6 - // +kubebuilder:validation:Enum=aborted;drop;pass;tx;redirect;dispatcher_return; // +kubebuilder:default:={pass,dispatcher_return} ProceedOn []XdpProceedOnValue `json:"proceedOn"` } @@ -79,6 +78,6 @@ type XdpAttachInfoState struct { // proceedOn allows the user to call other xdp programs in chain on this exit code. // Multiple values are supported by repeating the parameter. - // +kubebuilder:validation:Enum=aborted;drop;pass;tx;redirect;dispatcher_return; + // +kubebuilder:validation:MaxItems=6 ProceedOn []XdpProceedOnValue `json:"proceedOn"` } diff --git a/bpfman-operator/apis/v1alpha1/zz_generated.deepcopy.go b/bpfman-operator/apis/v1alpha1/zz_generated.deepcopy.go index 264d4c72ada..00942b9861b 100644 --- a/bpfman-operator/apis/v1alpha1/zz_generated.deepcopy.go +++ b/bpfman-operator/apis/v1alpha1/zz_generated.deepcopy.go @@ -182,13 +182,13 @@ func (in *BpfApplicationProgram) DeepCopyInto(out *BpfApplicationProgram) { *out = new(TcxProgramInfo) (*in).DeepCopyInto(*out) } - if in.Uprobe != nil { - in, out := &in.Uprobe, &out.Uprobe + if in.UProbe != nil { + in, out := &in.UProbe, &out.UProbe *out = new(UprobeProgramInfo) (*in).DeepCopyInto(*out) } - if in.Uretprobe != nil { - in, out := &in.Uretprobe, &out.Uretprobe + if in.URetProbe != nil { + in, out := &in.URetProbe, &out.URetProbe *out = new(UprobeProgramInfo) (*in).DeepCopyInto(*out) } @@ -223,13 +223,13 @@ func (in *BpfApplicationProgramState) DeepCopyInto(out *BpfApplicationProgramSta *out = new(TcxProgramInfoState) (*in).DeepCopyInto(*out) } - if in.Uprobe != nil { - in, out := &in.Uprobe, &out.Uprobe + if in.UProbe != nil { + in, out := &in.UProbe, &out.UProbe *out = new(UprobeProgramInfoState) (*in).DeepCopyInto(*out) } - if in.Uretprobe != nil { - in, out := &in.Uretprobe, &out.Uretprobe + if in.URetProbe != nil { + in, out := &in.URetProbe, &out.URetProbe *out = new(UprobeProgramInfoState) (*in).DeepCopyInto(*out) } @@ -432,38 +432,38 @@ func (in *ClBpfApplicationProgram) DeepCopyInto(out *ClBpfApplicationProgram) { *out = new(ClTcxProgramInfo) (*in).DeepCopyInto(*out) } - if in.Fentry != nil { - in, out := &in.Fentry, &out.Fentry + if in.FEntry != nil { + in, out := &in.FEntry, &out.FEntry *out = new(ClFentryProgramInfo) (*in).DeepCopyInto(*out) } - if in.Fexit != nil { - in, out := &in.Fexit, &out.Fexit + if in.FExit != nil { + in, out := &in.FExit, &out.FExit *out = new(ClFexitProgramInfo) (*in).DeepCopyInto(*out) } - if in.Kprobe != nil { - in, out := &in.Kprobe, &out.Kprobe + if in.KProbe != nil { + in, out := &in.KProbe, &out.KProbe *out = new(ClKprobeProgramInfo) (*in).DeepCopyInto(*out) } - if in.Kretprobe != nil { - in, out := &in.Kretprobe, &out.Kretprobe + if in.KRetProbe != nil { + in, out := &in.KRetProbe, &out.KRetProbe *out = new(ClKretprobeProgramInfo) (*in).DeepCopyInto(*out) } - if in.Uprobe != nil { - in, out := &in.Uprobe, &out.Uprobe + if in.UProbe != nil { + in, out := &in.UProbe, &out.UProbe *out = new(ClUprobeProgramInfo) (*in).DeepCopyInto(*out) } - if in.Uretprobe != nil { - in, out := &in.Uretprobe, &out.Uretprobe + if in.URetProbe != nil { + in, out := &in.URetProbe, &out.URetProbe *out = new(ClUprobeProgramInfo) (*in).DeepCopyInto(*out) } - if in.Tracepoint != nil { - in, out := &in.Tracepoint, &out.Tracepoint + if in.TracePoint != nil { + in, out := &in.TracePoint, &out.TracePoint *out = new(ClTracepointProgramInfo) (*in).DeepCopyInto(*out) } @@ -498,38 +498,38 @@ func (in *ClBpfApplicationProgramState) DeepCopyInto(out *ClBpfApplicationProgra *out = new(ClTcxProgramInfoState) (*in).DeepCopyInto(*out) } - if in.Fentry != nil { - in, out := &in.Fentry, &out.Fentry + if in.FEntry != nil { + in, out := &in.FEntry, &out.FEntry *out = new(ClFentryProgramInfoState) (*in).DeepCopyInto(*out) } - if in.Fexit != nil { - in, out := &in.Fexit, &out.Fexit + if in.FExit != nil { + in, out := &in.FExit, &out.FExit *out = new(ClFexitProgramInfoState) (*in).DeepCopyInto(*out) } - if in.Kprobe != nil { - in, out := &in.Kprobe, &out.Kprobe + if in.KProbe != nil { + in, out := &in.KProbe, &out.KProbe *out = new(ClKprobeProgramInfoState) (*in).DeepCopyInto(*out) } - if in.Kretprobe != nil { - in, out := &in.Kretprobe, &out.Kretprobe + if in.KRetProbe != nil { + in, out := &in.KRetProbe, &out.KRetProbe *out = new(ClKretprobeProgramInfoState) (*in).DeepCopyInto(*out) } - if in.Uprobe != nil { - in, out := &in.Uprobe, &out.Uprobe + if in.UProbe != nil { + in, out := &in.UProbe, &out.UProbe *out = new(ClUprobeProgramInfoState) (*in).DeepCopyInto(*out) } - if in.Uretprobe != nil { - in, out := &in.Uretprobe, &out.Uretprobe + if in.URetProbe != nil { + in, out := &in.URetProbe, &out.URetProbe *out = new(ClUprobeProgramInfoState) (*in).DeepCopyInto(*out) } - if in.Tracepoint != nil { - in, out := &in.Tracepoint, &out.Tracepoint + if in.TracePoint != nil { + in, out := &in.TracePoint, &out.TracePoint *out = new(ClTracepointProgramInfoState) (*in).DeepCopyInto(*out) } From 797bbdb79bcdf144da961d56d0f0efaee9b40a68 Mon Sep 17 00:00:00 2001 From: Mohamed Mahmoud Date: Thu, 13 Mar 2025 09:07:14 -0400 Subject: [PATCH 07/15] Add fentry/fexit function name validations Signed-off-by: Mohamed Mahmoud --- bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go | 3 +++ bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go | 3 +++ 2 files changed, 6 insertions(+) diff --git a/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go index 36ffe8aa135..017954ede10 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go @@ -31,6 +31,9 @@ type ClFentryProgramInfo struct { // programs type ClFentryLoadInfo struct { // function is the name of the function to attach the Fentry program to. + // +kubebuilder:validation:Pattern="^[a-zA-Z][a-zA-Z0-9_]+." + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=64 Function string `json:"function"` } diff --git a/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go index b41ceb265a3..2a3b5328a00 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go @@ -31,6 +31,9 @@ type ClFexitProgramInfo struct { // programs type ClFexitLoadInfo struct { // function is the name of the function to attach the Fexit program to. + // +kubebuilder:validation:Pattern="^[a-zA-Z][a-zA-Z0-9_]+." + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=64 Function string `json:"function"` } From 7996fc8d2d193183bc9646a3a59e89fa913a6804 Mon Sep 17 00:00:00 2001 From: Mohamed Mahmoud Date: Thu, 13 Mar 2025 09:35:01 -0400 Subject: [PATCH 08/15] Add validation bpfapplication prog name Signed-off-by: Mohamed Mahmoud --- bpfman-operator/apis/v1alpha1/bpf_application_types.go | 3 +++ bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go | 3 +++ 2 files changed, 6 insertions(+) diff --git a/bpfman-operator/apis/v1alpha1/bpf_application_types.go b/bpfman-operator/apis/v1alpha1/bpf_application_types.go index c734a3c02ab..692a50d5f59 100644 --- a/bpfman-operator/apis/v1alpha1/bpf_application_types.go +++ b/bpfman-operator/apis/v1alpha1/bpf_application_types.go @@ -30,6 +30,9 @@ import ( type BpfApplicationProgram struct { // name is the name of the function that is the entry point for the BPF // program + // +kubebuilder:validation:Pattern="^[a-zA-Z][a-zA-Z0-9_]+." + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=64 Name string `json:"name"` // type specifies the bpf program type diff --git a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go index 535ddba1d41..2efed89293d 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go @@ -77,6 +77,9 @@ const ( type ClBpfApplicationProgram struct { // name is the name of the function that is the entry point for the BPF // program + // +kubebuilder:validation:Pattern="^[a-zA-Z][a-zA-Z0-9_]+." + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=64 Name string `json:"name"` // type specifies the bpf program type From c892aa5ff18f09f0a649e002c3962fe066bf5a02 Mon Sep 17 00:00:00 2001 From: Mohamed Mahmoud Date: Thu, 13 Mar 2025 10:04:38 -0400 Subject: [PATCH 09/15] Add more validations to function name and change IfName in XDP Signed-off-by: Mohamed Mahmoud --- bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go | 3 +++ .../apis/v1alpha1/cluster_kretprobe_program_types.go | 3 +++ .../apis/v1alpha1/cluster_tracepoint_program_types.go | 3 +++ bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go | 3 +++ bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go | 4 ++-- bpfman-operator/apis/v1alpha1/uprobe_program_types.go | 3 +++ bpfman-operator/apis/v1alpha1/xdp_program_types.go | 4 ++-- 7 files changed, 19 insertions(+), 4 deletions(-) diff --git a/bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go index b0132c94c2d..c3386c5b6fe 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go @@ -28,6 +28,9 @@ type ClKprobeProgramInfo struct { type ClKprobeAttachInfo struct { // function to attach the kprobe to. + // +kubebuilder:validation:Pattern="^[a-zA-Z][a-zA-Z0-9_]+." + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=64 Function string `json:"function"` // offset added to the address of the function for kprobe. diff --git a/bpfman-operator/apis/v1alpha1/cluster_kretprobe_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_kretprobe_program_types.go index 7dc6640565d..e436e42d2d2 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_kretprobe_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_kretprobe_program_types.go @@ -28,6 +28,9 @@ type ClKretprobeProgramInfo struct { type ClKretprobeAttachInfo struct { // function to attach the kprobe to. + // +kubebuilder:validation:Pattern="^[a-zA-Z][a-zA-Z0-9_]+." + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=64 Function string `json:"function"` } diff --git a/bpfman-operator/apis/v1alpha1/cluster_tracepoint_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_tracepoint_program_types.go index 9c7bf815441..52068609a49 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_tracepoint_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_tracepoint_program_types.go @@ -29,6 +29,9 @@ type ClTracepointProgramInfo struct { type ClTracepointAttachInfo struct { // name refers to the name of a kernel tracepoint to attach the // bpf program to. + // +kubebuilder:validation:Pattern="^[a-zA-Z][a-zA-Z0-9_]+." + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=64 Name string `json:"name"` } diff --git a/bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go index b27c226b679..d4b6d6a4a38 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go @@ -29,6 +29,9 @@ type ClUprobeProgramInfo struct { type ClUprobeAttachInfo struct { // function to attach the uprobe to. // +optional + // +kubebuilder:validation:Pattern="^[a-zA-Z][a-zA-Z0-9_]+." + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=64 Function string `json:"function"` // offset added to the address of the function for uprobe. diff --git a/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go index 0087f12281c..843bb6e4ae5 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go @@ -68,8 +68,8 @@ type ClXdpProgramInfoState struct { type ClXdpAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // ifname is the interface name to attach the xdp program to. - IfName string `json:"ifName"` + // interfaceName is the interface name to attach the xdp program to. + InterfaceName string `json:"interfaceName"` // containerPid is an optional container pid to attach the xdp program in. // +optional diff --git a/bpfman-operator/apis/v1alpha1/uprobe_program_types.go b/bpfman-operator/apis/v1alpha1/uprobe_program_types.go index 12ff8d559d9..0e0e6ec3579 100644 --- a/bpfman-operator/apis/v1alpha1/uprobe_program_types.go +++ b/bpfman-operator/apis/v1alpha1/uprobe_program_types.go @@ -29,6 +29,9 @@ type UprobeProgramInfo struct { type UprobeAttachInfo struct { // function to attach the uprobe to. // +optional + // +kubebuilder:validation:Pattern="^[a-zA-Z][a-zA-Z0-9_]+." + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=64 Function string `json:"function"` // offset added to the address of the function for uprobe. diff --git a/bpfman-operator/apis/v1alpha1/xdp_program_types.go b/bpfman-operator/apis/v1alpha1/xdp_program_types.go index 899c42945a6..1491b148003 100644 --- a/bpfman-operator/apis/v1alpha1/xdp_program_types.go +++ b/bpfman-operator/apis/v1alpha1/xdp_program_types.go @@ -63,8 +63,8 @@ type XdpProgramInfoState struct { type XdpAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // ifName is interface name to attach the xdp program to. - IfName string `json:"ifName"` + // interfaceName is the interface name to attach the xdp program to. + InterfaceName string `json:"interfaceName"` // containerPid Container pid to attach the xdp program in. ContainerPid int32 `json:"containerPid"` From b56446d8d5c04492adcf1acdce4afee3bd6294ee Mon Sep 17 00:00:00 2001 From: Mohamed Mahmoud Date: Thu, 13 Mar 2025 13:01:00 -0400 Subject: [PATCH 10/15] use enum for proceedON and Direction Signed-off-by: Mohamed Mahmoud --- .../apis/v1alpha1/cluster_bpf_application_types.go | 4 ++-- .../apis/v1alpha1/cluster_tc_program_types.go | 9 ++++----- .../apis/v1alpha1/cluster_tcx_program_types.go | 4 ++-- .../apis/v1alpha1/cluster_xdp_program_types.go | 6 ++---- bpfman-operator/apis/v1alpha1/tc_program_types.go | 8 +++----- bpfman-operator/apis/v1alpha1/tcx_program_types.go | 4 ++-- bpfman-operator/apis/v1alpha1/xdp_program_types.go | 4 +--- 7 files changed, 16 insertions(+), 23 deletions(-) diff --git a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go index 2efed89293d..d7e90b469a4 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go @@ -58,8 +58,8 @@ const ( type TCDirectionType string const ( - TCIngress TCDirectionType = "ingress" - TCEgress TCDirectionType = "egress" + TCIngress TCDirectionType = "Ingress" + TCEgress TCDirectionType = "Egress" ) // ClBpfApplicationProgram defines the desired state of BpfApplication diff --git a/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go index 713f89b048e..084f5aac8e0 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go @@ -17,6 +17,7 @@ limitations under the License. // All fields are required unless explicitly marked optional package v1alpha1 +// +kubebuilder:validation:Enum:=UnSpec;OK;ReClassify;Shot;Pipe;Stolen;Queued;Repeat;ReDirect;Trap;DispatcherReturn; type TcProceedOnValue string // ClTcProgramInfo defines the tc program details @@ -40,7 +41,7 @@ type ClTcAttachInfo struct { // direction specifies the direction of traffic the tc program should // attach to for a given network device. - // +kubebuilder:validation:Enum=ingress;egress + // +kubebuilder:validation:Enum=Ingress;Egress Direction TCDirectionType `json:"direction"` // priority specifies the priority of the tc program in relation to @@ -53,8 +54,7 @@ type ClTcAttachInfo struct { // proceedOn allows the user to call other tc programs in chain on this exit code. // Multiple values are supported by repeating the parameter. // +optional - // +kubebuilder:validation:MaxItems=11 - // +kubebuilder:default:={pipe,dispatche_return} + // +kubebuilder:default:={Pipe,DispatcherReturn} ProceedOn []TcProceedOnValue `json:"proceedOn"` } @@ -81,7 +81,7 @@ type ClTcAttachInfoState struct { // direction specifies the direction of traffic the tc program should // attach to for a given network device. - // +kubebuilder:validation:Enum=ingress;egress + // +kubebuilder:validation:Enum=Ingress;Egress Direction TCDirectionType `json:"direction"` // priority specifies the priority of the tc program in relation to @@ -93,6 +93,5 @@ type ClTcAttachInfoState struct { // proceedOn allows the user to call other tc programs in chain on this exit code. // Multiple values are supported by repeating the parameter. - // +kubebuilder:validation:MaxItems=11 ProceedOn []TcProceedOnValue `json:"proceedOn"` } diff --git a/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go index 34c64922fa5..093ca5d37e5 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go @@ -38,7 +38,7 @@ type ClTcxAttachInfo struct { // direction specifies the direction of traffic the tcx program should // attach to for a given network device. - // +kubebuilder:validation:Enum=ingress;egress + // +kubebuilder:validation:Enum=Ingress;Egress Direction TCDirectionType `json:"direction"` // priority specifies the priority of the tcx program in relation to @@ -72,7 +72,7 @@ type ClTcxAttachInfoState struct { // direction specifies the direction of traffic the tcx program should // attach to for a given network device. - // +kubebuilder:validation:Enum=ingress;egress + // +kubebuilder:validation:Enum=Ingress;Egress Direction TCDirectionType `json:"direction"` // priority specifies the priority of the tcx program in relation to diff --git a/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go index 843bb6e4ae5..388cb658a2a 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go @@ -17,7 +17,7 @@ limitations under the License. // All fields are required unless explicitly marked optional package v1alpha1 -// +kubebuilder:validation:Enum=aborted;drop;pass;tx;redirect;dispatcher_return +// +kubebuilder:validation:Enum:=Aborted;Drop;Pass;TX;Redirect;DispatcherReturn; type XdpProceedOnValue string // ClXdpProgramInfo contains the xdp program details @@ -49,8 +49,7 @@ type ClXdpAttachInfo struct { // proceedOn allows the user to call other xdp programs in chain on this exit code. // Multiple values are supported by repeating the parameter. // +optional - // +kubebuilder:validation:MaxItems=6 - // +kubebuilder:default:={pass,dispatcher_return} + // +kubebuilder:default:={Pass,DispatcherReturn} ProceedOn []XdpProceedOnValue `json:"proceedOn"` } @@ -84,6 +83,5 @@ type ClXdpAttachInfoState struct { // proceedOn allows the user to call other xdp programs in chain on this exit code. // Multiple values are supported by repeating the parameter. - // +kubebuilder:validation:MaxItems=6 ProceedOn []XdpProceedOnValue `json:"proceedOn"` } diff --git a/bpfman-operator/apis/v1alpha1/tc_program_types.go b/bpfman-operator/apis/v1alpha1/tc_program_types.go index 8562b97649d..d9f50c0420f 100644 --- a/bpfman-operator/apis/v1alpha1/tc_program_types.go +++ b/bpfman-operator/apis/v1alpha1/tc_program_types.go @@ -36,7 +36,7 @@ type TcAttachInfo struct { // direction specifies the direction of traffic the tc program should // attach to for a given network device. - // +kubebuilder:validation:Enum=ingress;egress + // +kubebuilder:validation:Enum=Ingress;Egress Direction TCDirectionType `json:"direction"` // priority specifies the priority of the tc program in relation to @@ -49,8 +49,7 @@ type TcAttachInfo struct { // proceedOn allows the user to call other tc programs in chain on this exit code. // Multiple values are supported by repeating the parameter. // +optional - // +kubebuilder:validation:MaxItems=11 - // +kubebuilder:default:={pipe,dispatcher_return} + // +kubebuilder:default:={Pipe,DispatcherReturn} ProceedOn []TcProceedOnValue `json:"proceedOn"` } @@ -76,7 +75,7 @@ type TcAttachInfoState struct { // direction specifies the direction of traffic the tc program should // attach to for a given network device. - // +kubebuilder:validation:Enum=ingress;egress + // +kubebuilder:validation:Enum=Ingress;Egress Direction TCDirectionType `json:"direction"` // priority specifies the priority of the tc program in relation to @@ -88,6 +87,5 @@ type TcAttachInfoState struct { // proceedOn allows the user to call other tc programs in chain on this exit code. // Multiple values are supported by repeating the parameter. - // +kubebuilder:validation:MaxItems=11 ProceedOn []TcProceedOnValue `json:"proceedOn"` } diff --git a/bpfman-operator/apis/v1alpha1/tcx_program_types.go b/bpfman-operator/apis/v1alpha1/tcx_program_types.go index 08b2ee4d386..0771df9ec49 100644 --- a/bpfman-operator/apis/v1alpha1/tcx_program_types.go +++ b/bpfman-operator/apis/v1alpha1/tcx_program_types.go @@ -36,7 +36,7 @@ type TcxAttachInfo struct { // direction specifies the direction of traffic the tcx program should // attach to for a given network device. - // +kubebuilder:validation:Enum=ingress;egress + // +kubebuilder:validation:Enum=Ingress;Egress Direction TCDirectionType `json:"direction"` // priority specifies the priority of the tcx program in relation to @@ -69,7 +69,7 @@ type TcxAttachInfoState struct { // direction specifies the direction of traffic the tcx program should // attach to for a given network device. - // +kubebuilder:validation:Enum=ingress;egress + // +kubebuilder:validation:Enum=Ingress;Egress Direction TCDirectionType `json:"direction"` // priority specifies the priority of the tcx program in relation to diff --git a/bpfman-operator/apis/v1alpha1/xdp_program_types.go b/bpfman-operator/apis/v1alpha1/xdp_program_types.go index 1491b148003..c8e16d1416d 100644 --- a/bpfman-operator/apis/v1alpha1/xdp_program_types.go +++ b/bpfman-operator/apis/v1alpha1/xdp_program_types.go @@ -44,8 +44,7 @@ type XdpAttachInfo struct { // proceedOn allows the user to call other xdp programs in chain on this exit code. // Multiple values are supported by repeating the parameter. // +optional - // +kubebuilder:validation:MaxItems=6 - // +kubebuilder:default:={pass,dispatcher_return} + // +kubebuilder:default:={Pass,DispatcherReturn} ProceedOn []XdpProceedOnValue `json:"proceedOn"` } @@ -78,6 +77,5 @@ type XdpAttachInfoState struct { // proceedOn allows the user to call other xdp programs in chain on this exit code. // Multiple values are supported by repeating the parameter. - // +kubebuilder:validation:MaxItems=6 ProceedOn []XdpProceedOnValue `json:"proceedOn"` } From 6a8439cae454629ca605b54c7e1b24064e0636d4 Mon Sep 17 00:00:00 2001 From: Mohamed Mahmoud Date: Thu, 13 Mar 2025 16:05:46 -0400 Subject: [PATCH 11/15] fix typo in enum value for xdp Signed-off-by: Mohamed Mahmoud --- bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go index 388cb658a2a..9f369951a43 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go @@ -17,7 +17,7 @@ limitations under the License. // All fields are required unless explicitly marked optional package v1alpha1 -// +kubebuilder:validation:Enum:=Aborted;Drop;Pass;TX;Redirect;DispatcherReturn; +// +kubebuilder:validation:Enum:=Aborted;Drop;Pass;TX;ReDirect;DispatcherReturn; type XdpProceedOnValue string // ClXdpProgramInfo contains the xdp program details From a21e120ab84ec6f66db749c1901aae5c93743e34 Mon Sep 17 00:00:00 2001 From: Mohamed Mahmoud Date: Fri, 14 Mar 2025 08:25:56 -0400 Subject: [PATCH 12/15] remove white space in cluster bpfapp state Signed-off-by: Mohamed Mahmoud --- .../apis/v1alpha1/cluster_bpf_application_state_types.go | 1 - 1 file changed, 1 deletion(-) diff --git a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go index 531dfafa0ec..861fbf2d5bb 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go @@ -40,7 +40,6 @@ type ClBpfApplicationProgramState struct { // +unionDiscriminator // +required // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"FEntry";"FExit";"KProbe";"KRetProbe";"UProbe";"URetProbe";"TracePoint" - Type EBPFProgType `json:"type"` // xdp defines the desired state of the application's XdpPrograms. From 4d6bd6a4b0c965bc5a3bfbb35d97c7b9734e6bfa Mon Sep 17 00:00:00 2001 From: Mohamed Mahmoud Date: Thu, 20 Mar 2025 15:41:22 -0400 Subject: [PATCH 13/15] Add more validations to address review comments Signed-off-by: Mohamed Mahmoud --- bpfman-operator/apis/v1alpha1/shared_types.go | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/bpfman-operator/apis/v1alpha1/shared_types.go b/bpfman-operator/apis/v1alpha1/shared_types.go index a725af9ceb5..2db8357e9dd 100644 --- a/bpfman-operator/apis/v1alpha1/shared_types.go +++ b/bpfman-operator/apis/v1alpha1/shared_types.go @@ -14,7 +14,6 @@ See the License for the specific language governing permissions and limitations under the License. */ -// +kubebuilder:validation:Required package v1alpha1 import ( @@ -89,7 +88,7 @@ type BpfAppCommon struct { // mapOwnerSelector is used to select the loaded eBPF program this eBPF program // will share a map with. // +optional - MapOwnerSelector *metav1.LabelSelector `json:"mapOwnerSelector"` + MapOwnerSelector *metav1.LabelSelector `json:"mapOwnerSelector,omitempty"` } // BpfAppStatus reflects the status of a BpfApplication or BpfApplicationState object @@ -149,21 +148,27 @@ const ( // ByteCodeSelector defines the various ways to reference bpf bytecode objects. type ByteCodeSelector struct { // image used to specify a bytecode container image. + // +optional Image *ByteCodeImage `json:"image,omitempty"` // path is used to specify a bytecode object via filepath. + // +kubebuilder:validation:Pattern=`^(/[^/\0]+)+/?$` + // +optional Path *string `json:"path,omitempty"` } // ByteCodeImage defines how to specify a bytecode container image. type ByteCodeImage struct { // url is a valid container image URL used to reference a remote bytecode image. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength:=525 + // +kubebuilder:validation:XValidation:rule="isURL(self)",message="must be a valid URL" Url string `json:"url"` // pullPolicy describes a policy for if/when to pull a bytecode image. Defaults to IfNotPresent. // +kubebuilder:default:=IfNotPresent // +optional - ImagePullPolicy PullPolicy `json:"imagePullPolicy"` + ImagePullPolicy PullPolicy `json:"imagePullPolicy,omitempty"` // imagePullSecret is the name of the secret bpfman should use to get remote image // repository secrets. From e0efe844b8d1c4cc2c91207ece1190dacc0d0720 Mon Sep 17 00:00:00 2001 From: Mohamed Mahmoud Date: Mon, 24 Mar 2025 11:41:50 -0400 Subject: [PATCH 14/15] update url validation check Signed-off-by: Mohamed Mahmoud --- bpfman-operator/apis/v1alpha1/bpf_application_state_types.go | 2 +- bpfman-operator/apis/v1alpha1/bpf_application_types.go | 2 +- bpfman-operator/apis/v1alpha1/shared_types.go | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go b/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go index f277bf3c7f8..d83f9313a3c 100644 --- a/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go +++ b/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go @@ -35,7 +35,7 @@ type BpfApplicationProgramState struct { // type specifies the bpf program type // +unionDiscriminator // +required - // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"Uprobe";"UretProbe" + // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"UProbe";"URetProbe" Type EBPFProgType `json:"type"` // xdp defines the desired state of the application's XdpPrograms. diff --git a/bpfman-operator/apis/v1alpha1/bpf_application_types.go b/bpfman-operator/apis/v1alpha1/bpf_application_types.go index 692a50d5f59..59b9b2008ec 100644 --- a/bpfman-operator/apis/v1alpha1/bpf_application_types.go +++ b/bpfman-operator/apis/v1alpha1/bpf_application_types.go @@ -38,7 +38,7 @@ type BpfApplicationProgram struct { // type specifies the bpf program type // +unionDiscriminator // +required - // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"Uprobe";"UretProbe" + // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"UProbe";"URetProbe" Type EBPFProgType `json:"type"` // xdp defines the desired state of the application's XdpPrograms. diff --git a/bpfman-operator/apis/v1alpha1/shared_types.go b/bpfman-operator/apis/v1alpha1/shared_types.go index 2db8357e9dd..32ab5b1092a 100644 --- a/bpfman-operator/apis/v1alpha1/shared_types.go +++ b/bpfman-operator/apis/v1alpha1/shared_types.go @@ -162,7 +162,7 @@ type ByteCodeImage struct { // url is a valid container image URL used to reference a remote bytecode image. // +kubebuilder:validation:Required // +kubebuilder:validation:MaxLength:=525 - // +kubebuilder:validation:XValidation:rule="isURL(self)",message="must be a valid URL" + // +kubebuilder:validation:Pattern=`[a-zA-Z0-9_][a-zA-Z0-9._-]{0,127}` Url string `json:"url"` // pullPolicy describes a policy for if/when to pull a bytecode image. Defaults to IfNotPresent. From 637c663feecda71be719892b1d604433223dd80a Mon Sep 17 00:00:00 2001 From: Andre Fredette Date: Wed, 30 Apr 2025 18:18:13 -0400 Subject: [PATCH 15/15] bpfman-operator api updates This commit includes changes based on multiple review comments. Signed-off-by: Andre Fredette --- .../v1alpha1/bpf_application_state_types.go | 104 ++++++-- .../apis/v1alpha1/bpf_application_types.go | 123 ++++++++- .../cluster_bpf_application_state_types.go | 137 +++++++--- .../v1alpha1/cluster_bpf_application_types.go | 196 ++++++++++++-- .../v1alpha1/cluster_fentry_program_types.go | 42 +-- .../v1alpha1/cluster_fexit_program_types.go | 39 ++- .../v1alpha1/cluster_kprobe_program_types.go | 49 ++-- .../cluster_kretprobe_program_types.go | 35 ++- .../apis/v1alpha1/cluster_tc_program_types.go | 116 ++++++--- .../v1alpha1/cluster_tcx_program_types.go | 90 ++++--- .../cluster_tracepoint_program_types.go | 38 ++- .../v1alpha1/cluster_uprobe_program_types.go | 88 ++++--- .../v1alpha1/cluster_xdp_program_types.go | 98 ++++--- bpfman-operator/apis/v1alpha1/shared_types.go | 242 +++++++++++++----- .../apis/v1alpha1/tc_program_types.go | 116 ++++++--- .../apis/v1alpha1/tcx_program_types.go | 90 ++++--- .../apis/v1alpha1/uprobe_program_types.go | 82 +++--- .../apis/v1alpha1/xdp_program_types.go | 93 ++++--- .../apis/v1alpha1/zz_generated.deepcopy.go | 162 ++++++++---- 19 files changed, 1400 insertions(+), 540 deletions(-) diff --git a/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go b/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go index d83f9313a3c..f3142de3b42 100644 --- a/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go +++ b/bpfman-operator/apis/v1alpha1/bpf_application_state_types.go @@ -22,7 +22,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" ) -// BpfApplicationProgramState defines the desired state of BpfApplication // +union // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'XDP' ? has(self.xdp) : !has(self.xdp)",message="xdp configuration is required when type is xdp, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TC' ? has(self.tc) : !has(self.tc)",message="tc configuration is required when type is tc, and forbidden otherwise" @@ -32,54 +31,103 @@ import ( type BpfApplicationProgramState struct { BpfProgramStateCommon `json:",inline"` - // type specifies the bpf program type + // type specifies the provisioned eBPF program type for this program entry. + // Type will be one of: + // TC, TCX, UProbe, URetProbe, XDP + // + // When set to TC, the tc object will be populated with the eBPF program data + // associated with a TC program. + // + // When set to TCX, the tcx object will be populated with the eBPF program + // data associated with a TCX program. + // + // When set to UProbe, the uprobe object will be populated with the eBPF + // program data associated with a UProbe program. + // + // When set to URetProbe, the uretprobe object will be populated with the eBPF + // program data associated with a URetProbe program. + // + // When set to XDP, the xdp object will be populated with the eBPF program data + // associated with a URetProbe program. // +unionDiscriminator // +required // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"UProbe";"URetProbe" Type EBPFProgType `json:"type"` - // xdp defines the desired state of the application's XdpPrograms. + // xdp contains the attachment data for an XDP program when type is set to XDP. // +unionMember // +optional XDP *XdpProgramInfoState `json:"xdp,omitempty"` - // tc defines the desired state of the application's TcPrograms. + // tc contains the attachment data for a TC program when type is set to TC. // +unionMember // +optional TC *TcProgramInfoState `json:"tc,omitempty"` - // tcx defines the desired state of the application's TcxPrograms. + // tcx contains the attachment data for a TCX program when type is set to TCX. // +unionMember // +optional TCX *TcxProgramInfoState `json:"tcx,omitempty"` - // uprobe defines the desired state of the application's UprobePrograms. + // uprobe contains the attachment data for a UProbe program when type is set to + // UProbe. // +unionMember // +optional UProbe *UprobeProgramInfoState `json:"uprobe,omitempty"` - // uretprobe defines the desired state of the application's UretprobePrograms. + // uretprobe contains the attachment data for a URetProbe program when type is + // set to URetProbe. // +unionMember // +optional URetProbe *UprobeProgramInfoState `json:"uretprobe,omitempty"` } -// BpfApplicationSpec defines the desired state of BpfApplication -type BpfApplicationStateSpec struct { - // node is the name of the node for this BpfApplicationStateSpec. - Node string `json:"node"` - // updateCount is the number of times the BpfApplicationState has been updated. Set to 1 - // when the object is created, then it is incremented prior to each update. - // This allows us to verify that the API server has the updated object prior - // to starting a new Reconcile operation. +type BpfApplicationStateStatus struct { + // UpdateCount tracks the number of times the BpfApplicationState object has + // been updated. The bpfman agent initializes it to 1 when it creates the + // object, and then increments it before each subsequent update. It serves + // as a lightweight sequence number to verify that the API server is serving + // the most recent version of the object before beginning a new Reconcile + // operation. UpdateCount int64 `json:"updateCount"` - // appLoadStatus reflects the status of loading the bpf application on the + // node is the name of the Kubernets node for this BpfApplicationState. + Node string `json:"node"` + // appLoadStatus reflects the status of loading the eBPF application on the // given node. + // + // NotLoaded is a temporary state that is assigned when a + // ClusterBpfApplicationState is created and the initial reconcile is being + // processed. + // + // LoadSuccess is returned if all the programs have been loaded with no + // errors. + // + // LoadError is returned if one or more programs encountered an error and + // were not loaded. + // + // NotSelected is returned if this application did not select to run on this + // Kubernetes node. + // + // UnloadSuccess is returned when all the programs were successfully + // unloaded. + // + // UnloadError is returned if one or more programs encountered an error when + // being unloaded. AppLoadStatus AppLoadStatus `json:"appLoadStatus"` - // programs is a list of bpf programs contained in the parent application. - // It is a map from the bpf program name to BpfApplicationProgramState - // elements. + // programs is a list of eBPF programs contained in the parent BpfApplication + // instance. Each entry in the list contains the derived program attributes as + // well as the attach status for each program on the given Kubernetes node. Programs []BpfApplicationProgramState `json:"programs,omitempty"` + // conditions contains the summary state of the BpfApplication for the given + // Kubernetes node. If one or more programs failed to load or attach to the + // designated attachment point, the condition will report the error. If more + // than one error has occurred, condition will contain the first error + // encountered. + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` } // +genclient @@ -87,16 +135,22 @@ type BpfApplicationStateSpec struct { // +kubebuilder:subresource:status // +kubebuilder:resource:scope=Namespaced -// BpfApplicationState contains the per-node state of a BpfApplication. -// +kubebuilder:printcolumn:name="Node",type=string,JSONPath=".spec.node" +// BpfApplicationState contains the state of a BpfApplication instance for a +// given Kubernetes node. When a user creates a BpfApplication instance, bpfman +// creates a BpfApplicationState instance for each node in a Kubernetes +// cluster. +// +kubebuilder:printcolumn:name="Node",type=string,JSONPath=".status.node" // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason` // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" type BpfApplicationState struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec BpfApplicationStateSpec `json:"spec,omitempty"` - Status BpfAppStatus `json:"status,omitempty"` + // status reflects the status of a BpfApplication instance for the given node. + // appLoadStatus and conditions provide an overall status for the given node, + // while each item in the programs list provides a per eBPF program status for + // the given node. + Status BpfApplicationStateStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true @@ -123,8 +177,8 @@ func (an BpfApplicationState) GetLabels() map[string]string { return an.Labels } -func (an BpfApplicationState) GetStatus() *BpfAppStatus { - return &an.Status +func (an BpfApplicationState) GetConditions() []metav1.Condition { + return an.Status.Conditions } func (an BpfApplicationState) GetClientObject() client.Object { diff --git a/bpfman-operator/apis/v1alpha1/bpf_application_types.go b/bpfman-operator/apis/v1alpha1/bpf_application_types.go index 59b9b2008ec..29b2d8ac653 100644 --- a/bpfman-operator/apis/v1alpha1/bpf_application_types.go +++ b/bpfman-operator/apis/v1alpha1/bpf_application_types.go @@ -28,52 +28,141 @@ import ( // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UProbe' ? has(self.uprobe) : !has(self.uprobe)",message="uprobe configuration is required when type is uprobe, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'URetProbe' ? has(self.uretprobe) : !has(self.uretprobe)",message="uretprobe configuration is required when type is uretprobe, and forbidden otherwise" type BpfApplicationProgram struct { - // name is the name of the function that is the entry point for the BPF - // program + // name is a required field and is the name of the function that is the entry + // point for the eBPF program. name must not be an empty string, must not + // exceed 64 characters in length, must start with alpha characters and must + // only contain alphanumeric characters. + // +required // +kubebuilder:validation:Pattern="^[a-zA-Z][a-zA-Z0-9_]+." // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=64 Name string `json:"name"` - // type specifies the bpf program type + // type is a required field used to specify the type of the eBPF program. + // + // Allowed values are: + // TC, TCX, UProbe, URetProbe, XDP + // + // When set to TC, the eBPF program can attach to network devices (interfaces). + // The program can be attached on either packet ingress or egress, so the + // program will be called on every incoming or outgoing packet seen by the + // network device. When using the TC program type, the tc field is required. + // See tc for more details on TC programs. + // + // When set to TCX, the eBPF program can attach to network devices + // (interfaces). The program can be attached on either packet ingress or + // egress, so the program will be called on every incoming or outgoing packet + // seen by the network device. When using the TCX program type, the tcx field + // is required. See tcx for more details on TCX programs. + // + // When set to UProbe, the program can attach in user-space. The UProbe is + // attached to a binary, library or function name, and optionally an offset in + // the code. When using the UProbe program type, the uprobe field is required. + // See uprobe for more details on UProbe programs. + // + // When set to URetProbe, the program can attach in user-space. + // The URetProbe is attached to the return of a binary, library or function + // name, and optionally an offset in the code. When using the URetProbe + // program type, the uretprobe field is required. See uretprobe for more + // details on URetProbe programs. + // + // When set to XDP, the eBPF program can attach to network devices (interfaces) + // and will be called on every incoming packet received by the network device. + // When using the XDP program type, the xdp field is required. See xdp for more + // details on XDP programs. // +unionDiscriminator // +required // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"UProbe";"URetProbe" Type EBPFProgType `json:"type"` - // xdp defines the desired state of the application's XdpPrograms. + // xdp is an optional field, but required when the type field is set to XDP. + // xdp defines the desired state of the application's XDP programs. XDP program + // can be attached to network devices (interfaces) and will be called on every + // incoming packet received by the network device. The XDP attachment point is + // just after the packet has been received off the wire, but before the Linux + // kernel has allocated an sk_buff, which is used to pass the packet through + // the kernel networking stack. // +unionMember // +optional XDP *XdpProgramInfo `json:"xdp,omitempty"` - // tc defines the desired state of the application's TcPrograms. + // tc is an optional field, but required when the type field is set to TC. tc + // defines the desired state of the application's TC programs. TC programs are + // attached to network devices (interfaces). The program can be attached on + // either packet ingress or egress, so the program will be called on every + // incoming or outgoing packet seen by the network device. The TC attachment + // point is in Linux's Traffic Control (tc) subsystem, which is after the + // Linux kernel has allocated an sk_buff. TCX is newer implementation of TC + // with enhanced performance and better support for running multiple programs + // on a given network device. This makes TC useful for packet classification + // actions. // +unionMember // +optional TC *TcProgramInfo `json:"tc,omitempty"` - // tcx defines the desired state of the application's TcxPrograms. + // tcx is an optional field, but required when the type field is set to TCX. + // tcx defines the desired state of the application's TCX programs. TCX + // programs are attached to network devices (interfaces). The program can be + // attached on either packet ingress or egress, so the program will be called + // on every incoming or outgoing packet seen by the network device. The TCX + // attachment point is in Linux's Traffic Control (tc) subsystem, which is + // after the Linux kernel has allocated an sk_buff. This makes TCX useful for + // packet classification actions. TCX is a newer implementation of TC with + // enhanced performance and better support for running multiple programs on a + // given network device. // +unionMember // +optional TCX *TcxProgramInfo `json:"tcx,omitempty"` - // uprobe defines the desired state of the application's UprobePrograms. + // uprobe is an optional field, but required when the type field is set to + // UProbe. uprobe defines the desired state of the application's UProbe + // programs. UProbe programs are user-space probes. A target must be provided, + // which is the library name or absolute path to a binary or library where the + // probe is attached. Optionally, a function name can also be provided to + // provide finer granularity on where the probe is attached. They can be + // attached at any point in the binary, library or function using the optional + // offset field. However, caution must be taken when using the offset, ensuring + // the offset is still in the desired bytecode. // +unionMember // +optional UProbe *UprobeProgramInfo `json:"uprobe,omitempty"` - // uretprobe defines the desired state of the application's UretprobePrograms. + // uretprobe is an optional field, but required when the type field is set to + // URetProbe. uretprobe defines the desired state of the application's + // URetProbe programs. URetProbe programs are user-space probes. A target must + // be provided, which is the library name or absolute path to a binary or + // library where the probe is attached. Optionally, a function name can also be + // provided to provide finer granularity on where the probe is attached. They + // are attached to the return point of the binary, library or function, but can + // be set anywhere using the optional offset field. However, caution must be + // taken when using the offset, ensuring the offset is still in the desired + // bytecode. // +unionMember // +optional URetProbe *UprobeProgramInfo `json:"uretprobe,omitempty"` } -// BpfApplicationSpec defines the desired state of BpfApplication +// spec defines the desired state of the BpfApplication. The BpfApplication +// describes the set of one or more namespace scoped eBPF programs that should +// be loaded for a given application and attributes for how they should be +// loaded. eBPF programs that are grouped together under the same +// BpfApplication instance can share maps and global data between the eBPF +// programs loaded on the same Kubernetes Node. type BpfApplicationSpec struct { BpfAppCommon `json:",inline"` - // programs is the list of bpf programs in the BpfApplication that should be - // loaded. The application can selectively choose which program(s) to run - // from this list based on the optional attach points provided. + // programs is a required field and is the list of eBPF programs in a BPF + // Application CRD that should be loaded in kernel memory. At least one entry + // is required. eBPF programs in this list will be loaded on the system based + // the nodeSelector. Even if an eBPF program is loaded in kernel memory, it + // cannot be triggered until an attachment point is provided. The different + // program types have different ways of attaching. The attachment points can be + // added at creation time or modified (added or removed) at a later time to + // activate or deactivate the eBPF program as desired. + // CAUTION: When programs are added or removed from the list, that requires all + // programs in the list to be reloaded, which could be temporarily service + // effecting. For this reason, modifying the list is currently not allowed. + // +required // +kubebuilder:validation:MinItems:=1 Programs []BpfApplicationProgram `json:"programs,omitempty"` } @@ -83,7 +172,15 @@ type BpfApplicationSpec struct { // +kubebuilder:subresource:status // +kubebuilder:resource:scope=Namespaced -// BpfApplication is the Schema for the bpfapplications API +// BpfApplication is the schema for the namespace scoped BPF Applications API. +// This API allows applications to use bpfman to load and attach one or more +// eBPF programs on a Kubernetes cluster. +// +// The bpfApplication.status field reports the overall status of the +// BpfApplication CRD. A given BpfApplication CRD can result in loading and +// attaching multiple eBPF programs on multiple nodes, so this status is just a +// summary. More granular per-node status details can be found in the +// corresponding BpfApplicationState CRD that bpfman creates for each node. // +kubebuilder:printcolumn:name="NodeSelector",type=string,JSONPath=`.spec.nodeselector` // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason` // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" diff --git a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go index 861fbf2d5bb..1d55fba90e1 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_state_types.go @@ -22,7 +22,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" ) -// ClBpfApplicationProgramState defines the desired state of BpfApplication // +union // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'XDP' ? has(self.xdp) : !has(self.xdp)",message="xdp configuration is required when type is xdp, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TC' ? has(self.tc) : !has(self.tc)",message="tc configuration is required when type is tc, and forbidden otherwise" @@ -36,79 +35,149 @@ import ( // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TracePoint' ? has(self.tracepoint) : !has(self.tracepoint)",message="tracepoint configuration is required when type is tracepoint, and forbidden otherwise" type ClBpfApplicationProgramState struct { BpfProgramStateCommon `json:",inline"` - // type specifies the bpf program type + + // type specifies the provisioned eBPF program type for this program entry. + // Type will be one of: + // FEntry, FExit, KProbe, KRetProbe, TC, TCX, Tracepoint, UProbe, + // URetProbe, XDP + // + // When set to FEntry, the fentry object will be populated with the eBPF + // program data associated with an FEntry program. + // + // When set to FExit, the fexit object will be populated with the eBPF program + // data associated with an FExit program. + // + // When set to KProbe, the kprobe object will be populated with the eBPF + // program data associated with a KProbe program. + // + // When set to KRetProbe, the kretprobe object will be populated with the + // eBPF program data associated with a KRetProbe program. + // + // When set to TC, the tc object will be populated with the eBPF program data + // associated with a TC program. + // + // When set to TCX, the tcx object will be populated with the eBPF program + // data associated with a TCX program. + // + // When set to Tracepoint, the tracepoint object will be populated with the + // eBPF program data associated with a Tracepoint program. + // + // When set to UProbe, the uprobe object will be populated with the eBPF + // program data associated with a UProbe program. + // + // When set to URetProbe, the uretprobe object will be populated with the eBPF + // program data associated with a URetProbe program. + // + // When set to XDP, the xdp object will be populated with the eBPF program data + // associated with a URetProbe program. // +unionDiscriminator // +required - // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"FEntry";"FExit";"KProbe";"KRetProbe";"UProbe";"URetProbe";"TracePoint" + // +kubebuilder:validation:Enum:="FEntry";"FExit";"KProbe";"KRetProbe";"TC";"TCX";"TracePoint";"UProbe";"URetProbe";"XDP" Type EBPFProgType `json:"type"` - // xdp defines the desired state of the application's XdpPrograms. + // xdp contains the attachment data for an XDP program when type is set to XDP. // +unionMember // +optional XDP *ClXdpProgramInfoState `json:"xdp,omitempty"` - // tc defines the desired state of the application's TcPrograms. + // tc contains the attachment data for a TC program when type is set to TC. // +unionMember // +optional TC *ClTcProgramInfoState `json:"tc,omitempty"` - // tcx defines the desired state of the application's TcxPrograms. + // tcx contains the attachment data for a TCX program when type is set to TCX. // +unionMember // +optional TCX *ClTcxProgramInfoState `json:"tcx,omitempty"` - // fentry defines the desired state of the application's FentryPrograms. + // fentry contains the attachment data for an FEntry program when type is set + // to FEntry. // +unionMember // +optional FEntry *ClFentryProgramInfoState `json:"fentry,omitempty"` - // fexit defines the desired state of the application's FexitPrograms. + // fexit contains the attachment data for an FExit program when type is set to + // FExit. // +unionMember // +optional FExit *ClFexitProgramInfoState `json:"fexit,omitempty"` - // kprobe defines the desired state of the application's KprobePrograms. + // kprobe contains the attachment data for a KProbe program when type is set to + // KProbe. // +unionMember // +optional KProbe *ClKprobeProgramInfoState `json:"kprobe,omitempty"` - // kretprobe defines the desired state of the application's KprobePrograms. + // kretprobe contains the attachment data for a KRetProbe program when type is + // set to KRetProbe. // +unionMember // +optional KRetProbe *ClKretprobeProgramInfoState `json:"kretprobe,omitempty"` - // uprobe defines the desired state of the application's UprobePrograms. + // uprobe contains the attachment data for a UProbe program when type is set to + // UProbe. // +unionMember // +optional UProbe *ClUprobeProgramInfoState `json:"uprobe,omitempty"` - // uretprobe defines the desired state of the application's UretprobePrograms. + // uretprobe contains the attachment data for a URetProbe program when type is + // set to URetProbe. // +unionMember // +optional URetProbe *ClUprobeProgramInfoState `json:"uretprobe,omitempty"` - // tracepoint defines the desired state of the application's TracepointPrograms. + // tracepoint contains the attachment data for a Tracepoint program when type + // is set to Tracepoint. // +unionMember // +optional TracePoint *ClTracepointProgramInfoState `json:"tracepoint,omitempty"` } -// BpfApplicationSpec defines the desired state of BpfApplication -type ClBpfApplicationStateSpec struct { - // node is the name of the node for this BpfApplicationStateSpec. - Node string `json:"node"` - // updateCount is the number of times the BpfApplicationState has been updated. Set to 1 - // when the object is created, then it is incremented prior to each update. - // This allows us to verify that the API server has the updated object prior - // to starting a new Reconcile operation. +type ClBpfApplicationStateStatus struct { + // UpdateCount tracks the number of times the BpfApplicationState object has + // been updated. The bpfman agent initializes it to 1 when it creates the + // object, and then increments it before each subsequent update. It serves + // as a lightweight sequence number to verify that the API server is serving + // the most recent version of the object before beginning a new Reconcile + // operation. UpdateCount int64 `json:"updateCount"` - // appLoadStatus reflects the status of loading the bpf application on the + // node is the name of the Kubernetes node for this ClusterBpfApplicationState. + Node string `json:"node"` + // appLoadStatus reflects the status of loading the eBPF application on the // given node. + // + // NotLoaded is a temporary state that is assigned when a + // ClusterBpfApplicationState is created and the initial reconcile is being + // processed. + // + // LoadSuccess is returned if all the programs have been loaded with no errors. + // + // LoadError is returned if one or more programs encountered an error and were + // not loaded. + // + // NotSelected is returned if this application did not select to run on this + // Kubernetes node. + // + // UnloadSuccess is returned when all the programs were successfully unloaded. + // + // UnloadError is returned if one or more programs encountered an error when + // being unloaded. AppLoadStatus AppLoadStatus `json:"appLoadStatus"` - // programs is a list of bpf programs contained in the parent application. - // It is a map from the bpf program name to BpfApplicationProgramState - // elements. + // programs is a list of eBPF programs contained in the parent + // ClusterBpfApplication instance. Each entry in the list contains the derived + // program attributes as well as the attach status for each program on the + // given Kubernetes node. Programs []ClBpfApplicationProgramState `json:"programs,omitempty"` + // conditions contains the summary state of the ClusterBpfApplication for the + // given Kubernetes node. If one or more programs failed to load or attach to + // the designated attachment point, the condition will report the error. If + // more than one error has occurred, condition will contain the first error + // encountered. + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` } // +genclient @@ -117,16 +186,22 @@ type ClBpfApplicationStateSpec struct { // +kubebuilder:subresource:status // +kubebuilder:resource:scope=Cluster -// ClusterBpfApplicationState contains the per-node state of a BpfApplication. -// +kubebuilder:printcolumn:name="Node",type=string,JSONPath=".spec.node" +// ClusterBpfApplicationState contains the state of a ClusterBpfApplication +// instance for a given Kubernetes node. When a user creates a +// ClusterBpfApplication instance, bpfman creates a ClusterBpfApplicationState +// instance for each node in a Kubernetes cluster. +// +kubebuilder:printcolumn:name="Node",type=string,JSONPath=".status.node" // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason` // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" type ClusterBpfApplicationState struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec ClBpfApplicationStateSpec `json:"spec,omitempty"` - Status BpfAppStatus `json:"status,omitempty"` + // status reflects the status of a ClusterBpfApplication instance for the given + // node. appLoadStatus and conditions provide an overall status for the given + // node, while each item in the programs list provides a per eBPF program + // status for the given node. + Status ClBpfApplicationStateStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true @@ -153,8 +228,8 @@ func (an ClusterBpfApplicationState) GetLabels() map[string]string { return an.Labels } -func (an ClusterBpfApplicationState) GetStatus() *BpfAppStatus { - return &an.Status +func (an ClusterBpfApplicationState) GetConditions() []metav1.Condition { + return an.Status.Conditions } func (an ClusterBpfApplicationState) GetClientObject() client.Object { diff --git a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go index d7e90b469a4..97b91eb40d3 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_bpf_application_types.go @@ -62,7 +62,6 @@ const ( TCEgress TCDirectionType = "Egress" ) -// ClBpfApplicationProgram defines the desired state of BpfApplication // +union // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'XDP' ? has(self.xdp) : !has(self.xdp)",message="xdp configuration is required when type is xdp, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TC' ? has(self.tc) : !has(self.tc)",message="tc configuration is required when type is tc, and forbidden otherwise" @@ -75,78 +74,226 @@ const ( // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'URetProbe' ? has(self.uretprobe) : !has(self.uretprobe)",message="uretprobe configuration is required when type is uretprobe, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TracePoint' ? has(self.tracepoint) : !has(self.tracepoint)",message="tracepoint configuration is required when type is tracepoint, and forbidden otherwise" type ClBpfApplicationProgram struct { - // name is the name of the function that is the entry point for the BPF - // program + // name is a required field and is the name of the function that is the entry + // point for the eBPF program. name must not be an empty string, must not + // exceed 64 characters in length, must start with alpha characters and must + // only contain alphanumeric characters. + // +required // +kubebuilder:validation:Pattern="^[a-zA-Z][a-zA-Z0-9_]+." // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=64 Name string `json:"name"` - // type specifies the bpf program type + // type is a required field used to specify the type of the eBPF program. + // + // Allowed values are: + // FEntry, FExit, KProbe, KRetProbe, TC, TCX, TracePoint, UProbe, URetProbe, + // XDP + // + // When set to FEntry, the program is attached to the entry of a Linux kernel + // function or to another eBPF program function. When using the FEntry program + // type, the fentry field is required. See fentry for more details on FEntry + // programs. + // + // When set to FExit, the program is attached to the exit of a Linux kernel + // function or to another eBPF program function. When using the FExit program + // type, the fexit field is required. See fexit for more details on FExit + // programs. + // + // When set to KProbe, the program is attached to entry of a Linux kernel + // function. When using the KProbe program type, the kprobe field is required. + // See kprobe for more details on KProbe programs. + // + // When set to KRetProbe, the program is attached to exit of a Linux kernel + // function. When using the KRetProbe program type, the kretprobe field is + // required. See kretprobe for more details on KRetProbe programs. + // + // When set to TC, the eBPF program can attach to network devices (interfaces). + // The program can be attached on either packet ingress or egress, so the + // program will be called on every incoming or outgoing packet seen by the + // network device. When using the TC program type, the tc field is required. + // See tc for more details on TC programs. + // + // When set to TCX, the eBPF program can attach to network devices + // (interfaces). The program can be attached on either packet ingress or + // egress, so the program will be called on every incoming or outgoing packet + // seen by the network device. When using the TCX program type, the tcx field + // is required. See tcx for more details on TCX programs. + // + // When set to Tracepoint, the program can attach to one of the predefined set + // of Linux kernel functions. When using the Tracepoint program type, the + // tracepoint field is required. See tracepoint for more details on Tracepoint + // programs. + // + // When set to UProbe, the program can attach in user-space. The UProbe is + // attached to a binary, library or function name, and optionally an offset in + // the code. When using the UProbe program type, the uprobe field is required. + // See uprobe for more details on UProbe programs. + // + // When set to URetProbe, the program can attach in user-space. + // The URetProbe is attached to the return of a binary, library or function + // name, and optionally an offset in the code. When using the URetProbe + // program type, the uretprobe field is required. See uretprobe for more + // details on URetProbe programs. + // + // When set to XDP, the eBPF program can attach to network devices (interfaces) + // and will be called on every incoming packet received by the network device. + // When using the XDP program type, the xdp field is required. See xdp for more + // details on XDP programs. // +unionDiscriminator // +required // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"FEntry";"FExit";"KProbe";"KRetProbe";"UProbe";"URetProbe";"TracePoint" Type EBPFProgType `json:"type"` - // xdp defines the desired state of the application's XdpPrograms. + // xdp is an optional field, but required when the type field is set to XDP. + // xdp defines the desired state of the application's XDP programs. XDP program + // can be attached to network devices (interfaces) and will be called on every + // incoming packet received by the network device. The XDP attachment point is + // just after the packet has been received off the wire, but before the Linux + // kernel has allocated an sk_buff, which is used to pass the packet through + // the kernel networking stack. // +unionMember // +optional XDP *ClXdpProgramInfo `json:"xdp,omitempty"` - // tc defines the desired state of the application's TcPrograms. + // tc is an optional field, but required when the type field is set to TC. tc + // defines the desired state of the application's TC programs. TC programs are + // attached to network devices (interfaces). The program can be attached on + // either packet ingress or egress, so the program will be called on every + // incoming or outgoing packet seen by the network device. The TC attachment + // point is in Linux's Traffic Control (tc) subsystem, which is after the + // Linux kernel has allocated an sk_buff. TCX is newer implementation of TC + // with enhanced performance and better support for running multiple programs + // on a given network device. This makes TC useful for packet classification + // actions. // +unionMember // +optional TC *ClTcProgramInfo `json:"tc,omitempty"` - // tcx defines the desired state of the application's TcxPrograms. + // tcx is an optional field, but required when the type field is set to TCX. + // tcx defines the desired state of the application's TCX programs. TCX + // programs are attached to network devices (interfaces). The program can be + // attached on either packet ingress or egress, so the program will be called + // on every incoming or outgoing packet seen by the network device. The TCX + // attachment point is in Linux's Traffic Control (tc) subsystem, which is + // after the Linux kernel has allocated an sk_buff. This makes TCX useful for + // packet classification actions. TCX is a newer implementation of TC with + // enhanced performance and better support for running multiple programs on a + // given network device. // +unionMember // +optional TCX *ClTcxProgramInfo `json:"tcx,omitempty"` - // fentry defines the desired state of the application's FentryPrograms. + // fentry is an optional field, but required when the type field is set to + // FEntry. fentry defines the desired state of the application's FEntry + // programs. FEntry programs are attached to the entry of a Linux kernel + // function or to another eBPF program function. They are attached to the first + // instruction, before control passes to the function. FEntry programs are + // similar to KProbe programs, but have higher performance. // +unionMember // +optional FEntry *ClFentryProgramInfo `json:"fentry,omitempty"` - // fexit defines the desired state of the application's FexitPrograms. + // fexit is an optional field, but required when the type field is set to + // FExit. fexit defines the desired state of the application's FExit programs. + // FExit programs are attached to the exit of a Linux kernel function or to + // another eBPF program function. The program is invoked when the function + // returns, independent of where in the function that occurs. FExit programs + // are similar to KRetProbe programs, but get invoked with the input arguments + // and the return values. They also have higher performance over KRetProbe + // programs. // +unionMember // +optional FExit *ClFexitProgramInfo `json:"fexit,omitempty"` - // kprobe defines the desired state of the application's KprobePrograms. + // kprobe is an optional field, but required when the type field is set to + // KProbe. kprobe defines the desired state of the application's Kprobe + // programs. KProbe programs are attached to a Linux kernel function. Unlike + // FEntry programs, which must always be attached at the entry point of a Linux + // kernel function, KProbe programs can be attached at any point in the + // function using the optional offset field. However, caution must be taken + // when using the offset, ensuring the offset is still in the function + // bytecode. FEntry programs have less overhead than KProbe programs. // +unionMember // +optional KProbe *ClKprobeProgramInfo `json:"kprobe,omitempty"` - // kretprobe defines the desired state of the application's KretprobePrograms. + // kretprobe is an optional field, but required when the type field is set to + // KRetProbe. kretprobe defines the desired state of the application's + // KRetProbe programs. KRetProbe programs are attached to the exit of a Linux + // kernel function. FExit programs have less overhead than KRetProbe programs + // and FExit programs have access to both the input arguments as well as the + // return values. KRetProbes only have access to the return values. // +unionMember // +optional KRetProbe *ClKretprobeProgramInfo `json:"kretprobe,omitempty"` - // uprobe defines the desired state of the application's UprobePrograms. + // uprobe is an optional field, but required when the type field is set to + // UProbe. uprobe defines the desired state of the application's UProbe + // programs. UProbe programs are user-space probes. A target must be provided, + // which is the library name or absolute path to a binary or library where the + // probe is attached. Optionally, a function name can also be provided to + // provide finer granularity on where the probe is attached. They can be + // attached at any point in the binary, library or function using the optional + // offset field. However, caution must be taken when using the offset, ensuring + // the offset is still in the desired bytecode. // +unionMember // +optional UProbe *ClUprobeProgramInfo `json:"uprobe,omitempty"` - // uretprobeInfo defines the desired state of the application's UretprobePrograms. + // uretprobe is an optional field, but required when the type field is set to + // URetProbe. uretprobe defines the desired state of the application's + // URetProbe programs. URetProbe programs are user-space probes. A target must + // be provided, which is the library name or absolute path to a binary or + // library where the probe is attached. Optionally, a function name can also be + // provided to provide finer granularity on where the probe is attached. They + // are attached to the return point of the binary, library or function, but can + // be set anywhere using the optional offset field. However, caution must be + // taken when using the offset, ensuring the offset is still in the desired + // bytecode. // +unionMember // +optional URetProbe *ClUprobeProgramInfo `json:"uretprobe,omitempty"` - // tracepointInfo defines the desired state of the application's TracepointPrograms. + // tracepoint is an optional field, but required when the type field is set to + // Tracepoint. tracepoint defines the desired state of the application's + // Tracepoint programs. Whereas KProbes attach to dynamically to any Linux + // kernel function, Tracepoint programs are programs that can only be attached + // at predefined locations in the Linux kernel. Use the following command to + // see the available attachment points: + // `sudo find /sys/kernel/debug/tracing/events -type d` + // While KProbes are more flexible in where in the kernel the probe can be + // attached, the functions and data structure rely on the kernel your system is + // running. Tracepoints tend to be more stable across kernel versions and are + // better for portability. // +unionMember // +optional TracePoint *ClTracepointProgramInfo `json:"tracepoint,omitempty"` } -// ClBpfApplicationSpec defines the desired state of BpfApplication +// spec defines the desired state of the ClusterBpfApplication. The +// ClusterBpfApplication describes the set of one or more cluster scoped eBPF +// programs that should be loaded for a given application and attributes for +// how they should be loaded. eBPF programs that are grouped together under the +// same ClusterBpfApplication instance can share maps and global data between +// the eBPF programs loaded on the same Kubernetes Node. type ClBpfApplicationSpec struct { BpfAppCommon `json:",inline"` - // programs is the list of bpf programs in the BpfApplication that should be - // loaded. The application can selectively choose which program(s) to run - // from this list based on the optional attach points provided. + + // programs is a required field and is the list of eBPF programs in a BPF + // Application CRD that should be loaded in kernel memory. At least one entry + // is required. eBPF programs in this list will be loaded on the system based + // the nodeSelector. Even if an eBPF program is loaded in kernel memory, it + // cannot be triggered until an attachment point is provided. The different + // program types have different ways of attaching. The attachment points can be + // added at creation time or modified (added or removed) at a later time to + // activate or deactivate the eBPF program as desired. + // CAUTION: When programs are added or removed from the list, that requires all + // programs in the list to be reloaded, which could be temporarily service + // effecting. For this reason, modifying the list is currently not allowed. + // +required // +kubebuilder:validation:MinItems:=1 - Programs []ClBpfApplicationProgram `json:"programs,omitempty"` + Programs []ClBpfApplicationProgram `json:"programs"` } // +genclient @@ -155,7 +302,16 @@ type ClBpfApplicationSpec struct { // +kubebuilder:subresource:status // +kubebuilder:resource:scope=Cluster -// ClusterBpfApplication is the Schema for the bpfapplications API +// ClusterBpfApplication is the schema for the cluster scoped BPF Applications +// API. This API allows applications to use bpfman to load and attach one or +// more eBPF programs on a Kubernetes cluster. +// +// The clusterBpfApplication.status field reports the overall status of the +// ClusterBpfApplication CRD. A given ClusterBpfApplication CRD can result in +// loading and attaching multiple eBPF programs on multiple nodes, so this +// status is just a summary. More granular per-node status details can be +// found in the corresponding ClusterBpfApplicationState CRD that bpfman +// creates for each node. // +kubebuilder:printcolumn:name="NodeSelector",type=string,JSONPath=`.spec.nodeselector` // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason` // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" diff --git a/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go index 017954ede10..ceab34dbf1c 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_fentry_program_types.go @@ -17,20 +17,29 @@ limitations under the License. // All fields are required unless explicitly marked optional package v1alpha1 -// ClFentryProgramInfo defines the Fentry program details type ClFentryProgramInfo struct { ClFentryLoadInfo `json:",inline"` - // Whether the program should be attached to the function. + + // links is an optional field and is a flag to indicate if the FEntry program + // should be attached. The attachment point for a FEntry program is a Linux + // kernel function. Unlike other eBPF program types, an FEntry program must be + // provided with the target function at load time. The links field is optional, + // but unlike other program types where it represents a list of attachment + // points, for FEntry programs it contains at most one entry that determines + // whether the program should be attached to the specified function. To attach + // the program, add an entry to links with mode set to Attach. To detach it, + // remove the entry from links. // +optional // +kubebuilder:validation:MaxItems=1 - // +kubebuilder:default:={} - Links []ClFentryAttachInfo `json:"links"` + Links []ClFentryAttachInfo `json:"links,omitempty"` } -// ClFentryLoadInfo contains the program-specific load information for Fentry -// programs type ClFentryLoadInfo struct { - // function is the name of the function to attach the Fentry program to. + // function is a required field and specifies the name of the Linux kernel + // function to attach the FEntry program. function must not be an empty string, + // must not exceed 64 characters in length, must start with alpha characters + // and must only contain alphanumeric characters. + // +required // +kubebuilder:validation:Pattern="^[a-zA-Z][a-zA-Z0-9_]+." // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=64 @@ -40,24 +49,27 @@ type ClFentryLoadInfo struct { type AttachTypeAttach string const ( - Attach AttachTypeAttach = "Attach" - Dettach AttachTypeAttach = "Detach" + Attach AttachTypeAttach = "Attach" ) -// ClFentryAttachInfo indicates that the Fentry program should be attached to -// the function identified in ClFentryLoadInfo. The only valid value for Attach -// is true. type ClFentryAttachInfo struct { - // +kubebuilder:validation:Enum=Attach;Dettach; + // mode is a required field. When set to Attach, the FEntry program will + // attempt to be attached. To detach the FEntry program, remove the link entry. + // +required + // +kubebuilder:validation:Enum=Attach; Mode AttachTypeAttach `json:"mode"` } type ClFentryProgramInfoState struct { ClFentryLoadInfo `json:",inline"` + + // links is a list of attachment points for the FEntry program. Each entry in + // the list includes a linkStatus, which indicates if the attachment was + // successful or not on this node, a linkId, which is the kernel ID for the + // link if successfully attached, and other attachment specific data. // +optional // +kubebuilder:validation:MaxItems=1 - // +kubebuilder:default:={} - Links []ClFentryAttachInfoState `json:"links"` + Links []ClFentryAttachInfoState `json:"links,omitempty"` } type ClFentryAttachInfoState struct { diff --git a/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go index 2a3b5328a00..a37110bc783 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_fexit_program_types.go @@ -17,40 +17,53 @@ limitations under the License. // All fields are required unless explicitly marked optional package v1alpha1 -// ClFexitProgramInfo defines the Fexit program details type ClFexitProgramInfo struct { ClFexitLoadInfo `json:",inline"` - // Whether the program should be attached to the function. + + // links is an optional field and is a flag to indicate if the FExit program + // should be attached. The attachment point for a FExit program is a Linux + // kernel function. Unlike other eBPF program types, an FExit program must be + // provided with the target function at load time. The links field is optional, + // but unlike other program types where it represents a list of attachment + // points, for FExit programs it contains at most one entry that determines + // whether the program should be attached to the specified function. To attach + // the program, add an entry to links with mode set to Attach. To detach it, + // remove the entry from links. // +optional // +kubebuilder:validation:MaxItems=1 - // +kubebuilder:default:={} - Links []ClFexitAttachInfo `json:"links"` + Links []ClFexitAttachInfo `json:"links,omitempty"` } -// ClFexitLoadInfo contains the program-specific load information for Fexit -// programs type ClFexitLoadInfo struct { - // function is the name of the function to attach the Fexit program to. + // function is a required field and specifies the name of the Linux kernel + // function to attach the FExit program. function must not be an empty string, + // must not exceed 64 characters in length, must start with alpha characters + // and must only contain alphanumeric characters. + // +required // +kubebuilder:validation:Pattern="^[a-zA-Z][a-zA-Z0-9_]+." // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=64 Function string `json:"function"` } -// ClFexitAttachInfo indicates that the Fentry program should be attached to -// the function identified in ClFentryLoadInfo. The only valid value for Attach -// is true. type ClFexitAttachInfo struct { - // +kubebuilder:validation:Enum=Attach;Dettach; + // mode is a required field. When set to Attach, the FExit program will + // attempt to be attached. To detach the FExit program, remove the link entry. + // +required + // +kubebuilder:validation:Enum=Attach; Mode AttachTypeAttach `json:"mode"` } type ClFexitProgramInfoState struct { ClFexitLoadInfo `json:",inline"` + + // links is a list of attachment points for the FExit program. Each entry in + // the list includes a linkStatus, which indicates if the attachment was + // successful or not, a linkId, which is the kernel ID for the link if + // successfully attached, and other attachment specific data. // +optional // +kubebuilder:validation:MaxItems=1 - // +kubebuilder:default:={} - Links []ClFexitAttachInfoState `json:"links"` + Links []ClFexitAttachInfoState `json:"links,omitempty"` } type ClFexitAttachInfoState struct { diff --git a/bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go index c3386c5b6fe..cff43a95c36 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_kprobe_program_types.go @@ -19,46 +19,59 @@ package v1alpha1 // ClKprobeProgramInfo contains the information for the kprobe program type ClKprobeProgramInfo struct { - // The list of points to which the program should be attached. The list items - // are optional and may be udated after the bpf program has been loaded + // links is an optional field and is the list of attachment points to which the + // KProbe program should be attached. The eBPF program is loaded in kernel + // memory when the BPF Application CRD is created and the selected Kubernetes + // nodes are active. The eBPF program will not be triggered until the program + // has also been attached to an attachment point described in this list. Items + // may be added or removed from the list at any point, causing the eBPF program + // to be attached or detached. + // + // The attachment point for a KProbe program is a Linux kernel function. By + // default, the eBPF program is triggered at the entry of the attachment point, + // but the attachment point can be adjusted using an optional offset. // +optional - // +kubebuilder:default:={} - Links []ClKprobeAttachInfo `json:"links"` + Links []ClKprobeAttachInfo `json:"links,omitempty"` } type ClKprobeAttachInfo struct { - // function to attach the kprobe to. + // function is a required field and specifies the name of the Linux kernel + // function to attach the KProbe program. function must not be an empty string, + // must not exceed 64 characters in length, must start with alpha characters + // and must only contain alphanumeric characters. + // +required // +kubebuilder:validation:Pattern="^[a-zA-Z][a-zA-Z0-9_]+." // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=64 Function string `json:"function"` - // offset added to the address of the function for kprobe. - // The offset must be zero for kretprobes. - // TODO: Add a webhook to enforce kretprobe offset=0. - // See: https://github.com/bpfman/bpfman-operator/issues/403 + // offset is an optional field and the value is added to the address of the + // attachment point function. If not provided, offset defaults to 0. // +optional // +kubebuilder:default:=0 Offset uint64 `json:"offset"` } type ClKprobeProgramInfoState struct { - // List of attach points for the BPF program on the given node. Each entry - // in *AttachInfoState represents a specific, unique attach point that is - // derived from *AttachInfo by fully expanding any selectors. Each entry - // also contains information about the attach point required by the - // reconciler + // links is a list of attachment points for the KProbe program. Each entry in + // the list includes a linkStatus, which indicates if the attachment was + // successful or not on this node, a linkId, which is the kernel ID for the + // link if successfully attached, and other attachment specific data. // +optional - // +kubebuilder:default:={} - Links []ClKprobeAttachInfoState `json:"links"` + Links []ClKprobeAttachInfoState `json:"links,omitempty"` } type ClKprobeAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // Function to attach the kprobe to. + // function is the provisioned name of the Linux kernel function the KProbe + // program should be attached. + // +required Function string `json:"function"` - // Offset added to the address of the function for kprobe. + // offset is the provisioned offset, whose value is added to the address of the + // attachment point function. + // +optional + // +kubebuilder:default:=0 Offset uint64 `json:"offset"` } diff --git a/bpfman-operator/apis/v1alpha1/cluster_kretprobe_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_kretprobe_program_types.go index e436e42d2d2..606b3c1a68d 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_kretprobe_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_kretprobe_program_types.go @@ -19,15 +19,25 @@ package v1alpha1 // ClKprobeProgramInfo contains the information for the kprobe program type ClKretprobeProgramInfo struct { - // The list of points to which the program should be attached. The list items - // are optional and may be udated after the bpf program has been loaded + // links is an optional field and is the list of attachment points to which the + // KRetProbe program should be attached. The eBPF program is loaded in kernel + // memory when the BPF Application CRD is created and the selected Kubernetes + // nodes are active. The eBPF program will not be triggered until the program + // has also been attached to an attachment point described in this list. Items + // may be added or removed from the list at any point, causing the eBPF program + // to be attached or detached. + // + // The attachment point for a KRetProbe program is a Linux kernel function. // +optional - // +kubebuilder:default:={} - Links []ClKretprobeAttachInfo `json:"links"` + Links []ClKretprobeAttachInfo `json:"links,omitempty"` } type ClKretprobeAttachInfo struct { - // function to attach the kprobe to. + // function is a required field and specifies the name of the Linux kernel + // function to attach the KRetProbe program. function must not be an empty + // string, must not exceed 64 characters in length, must start with alpha + // characters and must only contain alphanumeric characters. + // +required // +kubebuilder:validation:Pattern="^[a-zA-Z][a-zA-Z0-9_]+." // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=64 @@ -35,19 +45,18 @@ type ClKretprobeAttachInfo struct { } type ClKretprobeProgramInfoState struct { - // List of attach points for the BPF program on the given node. Each entry - // in *AttachInfoState represents a specific, unique attach point that is - // derived from *AttachInfo by fully expanding any selectors. Each entry - // also contains information about the attach point required by the - // reconciler + // links is a list of attachment points for the KRetProbe program. Each entry + // in the list includes a linkStatus, which indicates if the attachment was + // successful or not on this node, a linkId, which is the kernel ID for the + // link if successfully attached, and other attachment specific data. // +optional - // +kubebuilder:default:={} - Links []ClKretprobeAttachInfoState `json:"links"` + Links []ClKretprobeAttachInfoState `json:"links,omitempty"` } type ClKretprobeAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // Function to attach the kprobe to. + // function is the provisioned name of the Linux kernel function the KRetProbe + // program should be attached. Function string `json:"function"` } diff --git a/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go index 084f5aac8e0..73978fd5162 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_tc_program_types.go @@ -20,78 +20,118 @@ package v1alpha1 // +kubebuilder:validation:Enum:=UnSpec;OK;ReClassify;Shot;Pipe;Stolen;Queued;Repeat;ReDirect;Trap;DispatcherReturn; type TcProceedOnValue string -// ClTcProgramInfo defines the tc program details type ClTcProgramInfo struct { - // The list of points to which the program should be attached. The list items - // are optional and may be udated after the bpf program has been loaded + // links is an optional field and is the list of attachment points to which the + // TC program should be attached. The TC program is loaded in kernel memory + // when the BPF Application CRD is created and the selected Kubernetes nodes + // are active. The TC program will not be triggered until the program has also + // been attached to an attachment point described in this list. Items may be + // added or removed from the list at any point, causing the TC program to be + // attached or detached. + // + // The attachment point for a TC program is a network interface (or device). + // The interface can be specified by name, by allowing bpfman to discover each + // interface, or by setting the primaryNodeInterface flag, which instructs + // bpfman to use the primary interface of a Kubernetes node. Optionally, the + // TC program can also be installed into a set of network namespaces. // +optional - // +kubebuilder:default:={} - Links []ClTcAttachInfo `json:"links"` + Links []ClTcAttachInfo `json:"links,omitempty"` } type ClTcAttachInfo struct { - // interfaceSelector to determine the network interface (or interfaces) + // interfaceSelector is a required field and is used to determine the network + // interface (or interfaces) the TC program is attached. Interface list is set + // by providing a list of interface names, enabling auto discovery, or setting + // the primaryNodeInterface flag, but only one option is allowed. + // +required InterfaceSelector InterfaceSelector `json:"interfaceSelector"` - // containers identifies the set of containers in which to attach the eBPF - // program. If Containers is not specified, the BPF program will be attached - // in the root network namespace. + // networkNamespaces is an optional field that identifies the set of network + // namespaces in which to attach the eBPF program. If networkNamespaces is not + // specified, the eBPF program will be attached in the root network namespace. // +optional - Containers *ClContainerSelector `json:"containers"` - - // direction specifies the direction of traffic the tc program should - // attach to for a given network device. + NetworkNamespaces *ClNetworkNamespaceSelector `json:"networkNamespaces,omitempty"` + + // direction is a required field and specifies the direction of traffic. + // Allowed values are: + // Ingress, Egress + // + // When set to Ingress, the TC program is triggered when packets are received + // by the interface. + // + // When set to Egress, the TC program is triggered when packets are to be + // transmitted by the interface. + // +required // +kubebuilder:validation:Enum=Ingress;Egress Direction TCDirectionType `json:"direction"` - // priority specifies the priority of the tc program in relation to - // other programs of the same type with the same attach point. It is a value - // from 0 to 1000 where lower values have higher precedence. + // priority is an optional field and determines the execution order of the TC + // program relative to other TC programs attached to the same attachment point. + // It must be a value between 0 and 1000, where lower values indicate higher + // precedence. For TC programs on the same attachment point with the same + // direction and priority, the most recently attached program has a lower + // precedence. If not provided, priority will default to 1000. + // +optional // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=1000 - Priority int32 `json:"priority"` - - // proceedOn allows the user to call other tc programs in chain on this exit code. - // Multiple values are supported by repeating the parameter. + // +kubebuilder:default:=1000 + Priority int32 `json:"priority,omitempty"` + + // proceedOn is an optional field and allows the user to call other TC programs + // in a chain, or not call the next program in a chain based on the exit code + // of a TC program. Allowed values, which are the possible exit codes from a TC + // eBPF program, are: + // UnSpec, OK, ReClassify, Shot, Pipe, Stolen, Queued, Repeat, ReDirect, + // Trap, DispatcherReturn + // + // Multiple values are supported. Default is OK, Pipe and DispatcherReturn. So + // using the default values, if a TC program returns Pipe, the next TC + // program in the chain will be called. If a TC program returns Stolen, the + // next TC program in the chain will NOT be called. // +optional // +kubebuilder:default:={Pipe,DispatcherReturn} - ProceedOn []TcProceedOnValue `json:"proceedOn"` + ProceedOn []TcProceedOnValue `json:"proceedOn,omitempty"` } type ClTcProgramInfoState struct { - // links is the List of attach points for the BPF program on the given node. Each entry - // in *AttachInfoState represents a specific, unique attach point that is - // derived from *AttachInfo by fully expanding any selectors. Each entry - // also contains information about the attached point required by the - // reconciler + // links is a list of attachment points for the TC program. Each entry in the + // list includes a linkStatus, which indicates if the attachment was successful + // or not on this node, a linkId, which is the kernel ID for the link if + // successfully attached, and other attachment specific data. // +optional - // +kubebuilder:default:={} - Links []ClTcAttachInfoState `json:"links"` + Links []ClTcAttachInfoState `json:"links,omitempty"` } type ClTcAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // interfaceName is the Interface name to attach the tc program to. + // interfaceName is the name of the interface the TC program should be + // attached. + // +required InterfaceName string `json:"interfaceName"` - // Optional container pid to attach the tc program in. + // netnsPath is the optional path to the network namespace inside of which the + // TC program should be attached. // +optional - ContainerPid *int32 `json:"containerPid"` + NetnsPath string `json:"netnsPath,omitempty"` - // direction specifies the direction of traffic the tc program should - // attach to for a given network device. + // direction is the provisioned direction of traffic, Ingress or Egress, the TC + // program should be attached for a given network device. + // +required // +kubebuilder:validation:Enum=Ingress;Egress Direction TCDirectionType `json:"direction"` - // priority specifies the priority of the tc program in relation to - // other programs of the same type with the same attach point. It is a value - // from 0 to 1000 where lower values have higher precedence. + // priority is the provisioned priority of the TC program in relation to other + // programs of the same type with the same attach point. It is a value from 0 + // to 1000, where lower values have higher precedence. + // +required // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=1000 Priority int32 `json:"priority"` - // proceedOn allows the user to call other tc programs in chain on this exit code. - // Multiple values are supported by repeating the parameter. + // proceedOn is the provisioned list of proceedOn values. proceedOn allows the + // user to call other TC programs in a chain, or not call the next program in a + // chain based on the exit code of a TC program .Multiple values are supported. + // +required ProceedOn []TcProceedOnValue `json:"proceedOn"` } diff --git a/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go index 093ca5d37e5..1c629cda7b8 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_tcx_program_types.go @@ -19,65 +19,95 @@ package v1alpha1 // ClTcxProgramInfo defines the tcx program details type ClTcxProgramInfo struct { - // links is the list of points to which the program should be attached. The list items - // are optional and may be updated after the bpf program has been loaded + // links is an optional field and is the list of attachment points to which the + // TCX program should be attached. The TCX program is loaded in kernel memory + // when the BPF Application CRD is created and the selected Kubernetes nodes + // are active. The TCX program will not be triggered until the program has also + // been attached to an attachment point described in this list. Items may be + // added or removed from the list at any point, causing the TCX program to be + // attached or detached. + // + // The attachment point for a TCX program is a network interface (or device). + // The interface can be specified by name, by allowing bpfman to discover each + // interface, or by setting the primaryNodeInterface flag, which instructs + // bpfman to use the primary interface of a Kubernetes node. Optionally, the + // TCX program can also be installed into a set of network namespaces. // +optional - // +kubebuilder:default:={} - Links []ClTcxAttachInfo `json:"links"` + Links []ClTcxAttachInfo `json:"links,omitempty"` } type ClTcxAttachInfo struct { - // interfaceSelector to determine the network interface (or interfaces) + // interfaceSelector is a required field and is used to determine the network + // interface (or interfaces) the TCX program is attached. Interface list is set + // by providing a list of interface names, enabling auto discovery, or setting + // the primaryNodeInterface flag, but only one option is allowed. + // +required InterfaceSelector InterfaceSelector `json:"interfaceSelector"` - // containers identify the set of containers in which to attach the eBPF - // program. If Containers is not specified, the BPF program will be attached - // in the root network namespace. + // networkNamespaces is an optional field that identifies the set of network + // namespaces in which to attach the eBPF program. If networkNamespaces is not + // specified, the eBPF program will be attached in the root network namespace. // +optional - Containers *ClContainerSelector `json:"containers"` + NetworkNamespaces *ClNetworkNamespaceSelector `json:"networkNamespaces,omitempty"` - // direction specifies the direction of traffic the tcx program should - // attach to for a given network device. + // direction is a required field and specifies the direction of traffic. + // Allowed values are: + // Ingress, Egress + // + // When set to Ingress, the TC program is triggered when packets are received + // by the interface. + // + // When set to Egress, the TC program is triggered when packets are to be + // transmitted by the interface. + // +required // +kubebuilder:validation:Enum=Ingress;Egress Direction TCDirectionType `json:"direction"` - // priority specifies the priority of the tcx program in relation to - // other programs of the same type with the same attach point. It is a value - // from 0 to 1000 where lower values have higher precedence. + // priority is an optional field and determines the execution order of the TCX + // program relative to other TCX programs attached to the same attachment + // point. It must be a value between 0 and 1000, where lower values indicate + // higher precedence. For TCX programs on the same attachment point with the + // same direction and priority, the most recently attached program has a lower + // precedence. If not provided, priority will default to 1000. + // +optional // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=1000 - Priority int32 `json:"priority"` + // +kubebuilder:default:=1000 + Priority int32 `json:"priority,omitempty"` } type ClTcxProgramInfoState struct { - // List of attach points for the BPF program on the given node. Each entry - // in *AttachInfoState represents a specific, unique attach point that is - // derived from *AttachInfo by fully expanding any selectors. Each entry - // also contains information about the attach point required by the - // reconciler + // links is a list of attachment points for the TCX program. Each entry in the + // list includes a linkStatus, which indicates if the attachment was successful + // or not on this node, a linkId, which is the kernel ID for the link if + // successfully attached, and other attachment specific data. // +optional - // +kubebuilder:default:={} - Links []ClTcxAttachInfoState `json:"links"` + Links []ClTcxAttachInfoState `json:"links,omitempty"` } type ClTcxAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // interfaceName is the Interface name to attach the tc program to. + // interfaceName is the name of the interface the TCX program should be + // attached. + // +required InterfaceName string `json:"interfaceName"` - // containerPid is the container pid to attach the tcx program in. + // netnsPath is the optional path to the network namespace inside of which the + // TCX program should be attached. // +optional - ContainerPid *int32 `json:"containerPid"` + NetnsPath string `json:"netnsPath,omitempty"` - // direction specifies the direction of traffic the tcx program should - // attach to for a given network device. + // direction is the provisioned direction of traffic, Ingress or Egress, the TC + // program should be attached for a given network device. + // +required // +kubebuilder:validation:Enum=Ingress;Egress Direction TCDirectionType `json:"direction"` - // priority specifies the priority of the tcx program in relation to - // other programs of the same type with the same attach point. It is a value - // from 0 to 1000 where lower values have higher precedence. + // priority is the provisioned priority of the TCX program in relation to other + // programs of the same type with the same attach point. It is a value from 0 + // to 1000, where lower values have higher precedence. + // +required // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=1000 Priority int32 `json:"priority"` diff --git a/bpfman-operator/apis/v1alpha1/cluster_tracepoint_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_tracepoint_program_types.go index 52068609a49..14b5e530428 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_tracepoint_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_tracepoint_program_types.go @@ -17,18 +17,27 @@ limitations under the License. // All fields are required unless explicitly marked optional package v1alpha1 -// ClTracepointProgramInfo contains the Tracepoint program details type ClTracepointProgramInfo struct { - // links is the list of points to which the program should be attached. The list items - // are optional and may be updated after the bpf program has been loaded + // links is an optional field and is the list of attachment points to which the + // Tracepoint program should be attached. The Tracepoint program is loaded in + // kernel memory when the BPF Application CRD is created and the selected + // Kubernetes nodes are active. The Tracepoint program will not be triggered + // until the program has also been attached to an attachment point described in + // this list. Items may be added or removed from the list at any point, causing + // the Tracepoint program to be attached or detached. + // + // The attachment point for a Tracepoint program is a one of a predefined set + // of Linux kernel functions. // +optional - // +kubebuilder:default:={} - Links []ClTracepointAttachInfo `json:"links"` + Links []ClTracepointAttachInfo `json:"links,omitempty"` } type ClTracepointAttachInfo struct { - // name refers to the name of a kernel tracepoint to attach the - // bpf program to. + // name is a required field and specifies the name of the Linux kernel + // Tracepoint to attach the eBPF program. name must not be an empty string, + // must not exceed 64 characters in length, must start with alpha characters + // and must only contain alphanumeric characters. + // +required // +kubebuilder:validation:Pattern="^[a-zA-Z][a-zA-Z0-9_]+." // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=64 @@ -36,19 +45,20 @@ type ClTracepointAttachInfo struct { } type ClTracepointProgramInfoState struct { - // links is the list of attach points for the BPF program on the given node. Each entry - // in *AttachInfoState represents a specific, unique attach point that is - // derived from *AttachInfo by fully expanding any selectors. Each entry - // also contains information about the attach point required by the - // reconciler + // links is a list of attachment points for the Tracepoint program. Each entry + // in the list includes a linkStatus, which indicates if the attachment was + // successful or not on this node, a linkId, which is the kernel ID for the + // link if successfully attached, and other attachment specific data. // +optional - // +kubebuilder:default:={} - Links []ClTracepointAttachInfoState `json:"links"` + Links []ClTracepointAttachInfoState `json:"links,omitempty"` } type ClTracepointAttachInfoState struct { AttachInfoStateCommon `json:",inline"` // The name of a kernel tracepoint to attach the bpf program to. + // name is the provisioned name of the Linux kernel tracepoint function the + // Tracepoint program should be attached. + // +required Name string `json:"name"` } diff --git a/bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go index d4b6d6a4a38..0c061f9bfd8 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_uprobe_program_types.go @@ -17,75 +17,97 @@ limitations under the License. // All fields are required unless explicitly marked optional package v1alpha1 -// ClUprobeProgramInfo contains the information for the uprobe program type ClUprobeProgramInfo struct { - // links in the list of points to which the program should be attached. The list items - // are optional and may be udated after the bpf program has been loaded + // links is an optional field and is the list of attachment points to which the + // UProbe or URetProbe program should be attached. The eBPF program is loaded + // in kernel memory when the BPF Application CRD is created and the selected + // Kubernetes nodes are active. The eBPF program will not be triggered until + // the program has also been attached to an attachment point described in this + // list. Items may be added or removed from the list at any point, causing the + // eBPF program to be attached or detached. + // + // The attachment point for a UProbe and URetProbe program is a user-space + // binary or function. By default, the eBPF program is triggered at the entry + // of the attachment point, but the attachment point can be adjusted using an + // optional function name and/or offset. Optionally, the eBPF program can be + // installed in a set of containers or limited to a specified PID. // +optional - // +kubebuilder:default:={} - Links []ClUprobeAttachInfo `json:"links"` + Links []ClUprobeAttachInfo `json:"links,omitempty"` } type ClUprobeAttachInfo struct { - // function to attach the uprobe to. + // function is an optional field and specifies the name of a user-space function + // to attach the UProbe or URetProbe program. If not provided, the eBPF program + // will be triggered on the entry of the target. function must not be an empty + // string, must not exceed 64 characters in length, must start with alpha + // characters and must only contain alphanumeric characters. // +optional // +kubebuilder:validation:Pattern="^[a-zA-Z][a-zA-Z0-9_]+." // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=64 - Function string `json:"function"` + Function string `json:"function,omitempty"` - // offset added to the address of the function for uprobe. + // offset is an optional field and the value is added to the address of the + // attachment point function. // +optional // +kubebuilder:default:=0 - Offset uint64 `json:"offset"` + Offset uint64 `json:"offset,omitempty"` - // target is the Library name or the absolute path to a binary or library. + // target is a required field and is the user-space library name or the + // absolute path to a binary or library. + // +required Target string `json:"target"` - // pid only execute uprobe for given process identification number (PID). If PID - // is not provided, uprobe executes for all PIDs. + // pid is an optional field and if provided, limits the execution of the UProbe + // or URetProbe to the provided process identification number (PID). If pid is + // not provided, the UProbe or URetProbe executes for all PIDs. // +optional - Pid *int32 `json:"pid"` + Pid *int32 `json:"pid,omitempty"` - // containers identify the set of containers in which to attach the - // uprobe. If Containers is not specified, the uprobe will be attached in - // the bpfman-agent container. + // containers is an optional field that identifies the set of containers in + // which to attach the UProbe or URetProbe program. If containers is not + // specified, the eBPF program will be attached in the bpfman container. // +optional - Containers *ClContainerSelector `json:"containers"` + Containers *ClContainerSelector `json:"containers,omitempty"` } type ClUprobeProgramInfoState struct { - // links is the list of attach points for the BPF program on the given node. Each entry - // in *AttachInfoState represents a specific, unique attach point that is - // derived from *AttachInfo by fully expanding any selectors. Each entry - // also contains information about the attach point required by the - // reconciler + // links is a list of attachment points for the UProbe program. Each entry in + // the list includes a linkStatus, which indicates if the attachment was + // successful or not on this node, a linkId, which is the kernel ID for the + // link if successfully attached, and other attachment specific data. // +optional - // +kubebuilder:default:={} - Links []ClUprobeAttachInfoState `json:"links"` + Links []ClUprobeAttachInfoState `json:"links,omitempty"` } type ClUprobeAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // function to attach the uprobe to. + // function is the provisioned name of the user-space function the UProbe + // program should be attached. // +optional - Function string `json:"function"` + Function string `json:"function,omitempty"` - // offset added to the address of the function for uprobe. + // offset is the provisioned offset, whose value is added to the address of the + // attachment point function. // +optional // +kubebuilder:default:=0 Offset uint64 `json:"offset"` - // target is the library name or the absolute path to a binary or library. + // target is the provisioned user-space library name or the absolute path to a + // binary or library. + // +required Target string `json:"target"` - // pid only execute uprobe for given process identification number (PID). If PID - // is not provided, uprobe executes for all PIDs. + // pid is the provisioned pid. If set, pid limits the execution of the UProbe + // or URetProbe to the provided process identification number (PID). If pid is + // not provided, the UProbe or URetProbe executes for all PIDs. // +optional - Pid *int32 `json:"pid"` + Pid *int32 `json:"pid,omitempty"` - // Optional container pid to attach the uprobe program in. + // If containers is provisioned in the ClusterBpfApplication instance, + // containerPid is the derived PID of the container the UProbe or URetProbe this + // attachment point is attached. // +optional - ContainerPid *int32 `json:"containerPid"` + ContainerPid *int32 `json:"containerPid,omitempty"` } diff --git a/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go b/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go index 9f369951a43..3f25e801a38 100644 --- a/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go +++ b/bpfman-operator/apis/v1alpha1/cluster_xdp_program_types.go @@ -20,68 +20,98 @@ package v1alpha1 // +kubebuilder:validation:Enum:=Aborted;Drop;Pass;TX;ReDirect;DispatcherReturn; type XdpProceedOnValue string -// ClXdpProgramInfo contains the xdp program details type ClXdpProgramInfo struct { - // links is the list of points to which the program should be attached. The list items - // are optional and may be updated after the bpf program has been loaded + // links is an optional field and is the list of attachment points to which the + // XDP program should be attached. The XDP program is loaded in kernel memory + // when the BPF Application CRD is created and the selected Kubernetes nodes + // are active. The XDP program will not be triggered until the program has also + // been attached to an attachment point described in this list. Items may be + // added or removed from the list at any point, causing the XDP program to be + // attached or detached. + // + // The attachment point for an XDP program is a network interface (or device). + // The interface can be specified by name, by allowing bpfman to discover each + // interface, or by setting the primaryNodeInterface flag, which instructs + // bpfman to use the primary interface of a Kubernetes node. Optionally, the + // XDP program can also be installed into a set of network namespaces. // +optional - // +kubebuilder:default:={} - Links []ClXdpAttachInfo `json:"links"` + Links []ClXdpAttachInfo `json:"links,omitempty"` } type ClXdpAttachInfo struct { - // interfaceSelector to determine the network interface (or interfaces) + // interfaceSelector is a required field and is used to determine the network + // interface (or interfaces) the XDP program is attached. Interface list is set + // by providing a list of interface names, enabling auto discovery, or setting + // the primaryNodeInterface flag, but only one option is allowed. + // +required InterfaceSelector InterfaceSelector `json:"interfaceSelector"` - // containers identify the set of containers in which to attach the eBPF - // program. If Containers is not specified, the BPF program will be attached - // in the root network namespace. + // networkNamespaces identifies the set of network namespaces in which to + // attach the eBPF program. If networkNamespaces is not specified, the eBPF + // program will be attached in the root network namespace. + // +optional + NetworkNamespaces *ClNetworkNamespaceSelector `json:"networkNamespaces,omitempty"` + + // priority is an optional field and determines the execution order of the XDP + // program relative to other XDP programs attached to the same attachment + // point. It must be a value between 0 and 1000, where lower values indicate + // higher precedence. For XDP programs on the same attachment point with the + // same priority, the most recently attached program has a lower precedence. If + // not provided, priority will default to 1000. // +optional - Containers *ClContainerSelector `json:"containers"` - - // priority specifies the priority of the bpf program in relation to - // other programs of the same type with the same attach point. It is a value - // from 0 to 1000 where lower values have higher precedence. // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=1000 - Priority int32 `json:"priority"` - - // proceedOn allows the user to call other xdp programs in chain on this exit code. - // Multiple values are supported by repeating the parameter. + // +kubebuilder:default:=1000 + Priority int32 `json:"priority,omitempty"` + + // proceedOn is an optional field and allows the user to call other XDP + // programs in a chain, or not call the next program in a chain based on the + // exit code of an XDP program. Allowed values, which are the possible exit + // codes from an XDP eBPF program, are: + // Aborted, Drop, Pass, TX, ReDirect, DispatcherReturn + // + // Multiple values are supported. Default is Pass and DispatcherReturn. So + // using the default values, if an XDP program returns Pass, the next XDP + // program in the chain will be called. If an XDP program returns Drop, the + // next XDP program in the chain will NOT be called. // +optional // +kubebuilder:default:={Pass,DispatcherReturn} - ProceedOn []XdpProceedOnValue `json:"proceedOn"` + ProceedOn []XdpProceedOnValue `json:"proceedOn,omitempty"` } type ClXdpProgramInfoState struct { - // links is the list of attach points for the BPF program on the given node. Each entry - // in *AttachInfoState represents a specific, unique attach point that is - // derived from *AttachInfo by fully expanding any selectors. Each entry - // also contains information about the attach point required by the - // reconciler + // links is a list of attachment points for the XDP program. Each entry in the + // list includes a linkStatus, which indicates if the attachment was successful + // or not on this node, a linkId, which is the kernel ID for the link if + // successfully attached, and other attachment specific data. // +optional - // +kubebuilder:default:={} - Links []ClXdpAttachInfoState `json:"links"` + Links []ClXdpAttachInfoState `json:"links,omitempty"` } type ClXdpAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // interfaceName is the interface name to attach the xdp program to. + // interfaceName is the name of the interface the XDP program should be + // attached. + // +required InterfaceName string `json:"interfaceName"` - // containerPid is an optional container pid to attach the xdp program in. + // netnsPath is the optional path to the network namespace inside of which the + // XDP program should be attached. // +optional - ContainerPid *int32 `json:"containerPid"` + NetnsPath string `json:"netnsPath,omitempty"` - // priority specifies the priority of the xdp program in relation to - // other programs of the same type with the same attach point. It is a value - // from 0 to 1000 where lower values have higher precedence. + // priority is the provisioned priority of the XDP program in relation to other + // programs of the same type with the same attach point. It is a value from 0 + // to 1000, where lower values have higher precedence. + // +required // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=1000 Priority int32 `json:"priority"` - // proceedOn allows the user to call other xdp programs in chain on this exit code. - // Multiple values are supported by repeating the parameter. + // proceedOn is the provisioned list of proceedOn values. proceedOn allows the + // user to call other TC programs in a chain, or not call the next program in a + // chain based on the exit code of a TC program .Multiple values are supported. + // +required ProceedOn []XdpProceedOnValue `json:"proceedOn"` } diff --git a/bpfman-operator/apis/v1alpha1/shared_types.go b/bpfman-operator/apis/v1alpha1/shared_types.go index 32ab5b1092a..3e20dc29d58 100644 --- a/bpfman-operator/apis/v1alpha1/shared_types.go +++ b/bpfman-operator/apis/v1alpha1/shared_types.go @@ -20,82 +20,159 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -// InterfaceSelector defines interface to attach to. +type InterfaceDiscovery struct { + // interfaceAutoDiscovery is an optional field. When enabled, the agent + // monitors the creation and deletion of interfaces and automatically + // attached eBPF programs to the newly discovered interfaces. + // CAUTION: This has the potential to attach a given eBPF program to a large + // number of interfaces. Use with caution. + // +optional + // +kubebuilder:default:=false + InterfaceAutoDiscovery *bool `json:"interfaceAutoDiscovery,omitempty"` + + // excludeInterfaces is an optional field that contains a list of interface + // names that are excluded from interface discovery. The interface names in + // the list are case-sensitive. By default, the list contains the loopback + // interface, "lo". This field is only taken into consideration if + // interfaceAutoDiscovery is set to true. + // +optional + // +kubebuilder:default:={"lo"} + ExcludeInterfaces []string `json:"excludeInterfaces,omitempty"` + + // allowedInterfaces is an optional field that contains a list of interface + // names that are allowed to be discovered. If empty, the agent will fetch all + // the interfaces in the system, excepting the ones listed in + // excludeInterfaces. if non-empty, only entries in the list will be considered + // for discovery. If an entry enclosed by slashes, such as `/br-/` or + // `/veth*/`, then the entry is considered as a regular expression for + // matching. Otherwise, the interface names in the list are case-sensitive. + // This field is only taken into consideration if interfaceAutoDiscovery is set + // to true. + // +optional + AllowedInterfaces []string `json:"allowedInterfaces,omitempty"` +} + +// InterfaceSelector describes the set of interfaces to attach a program to. // +kubebuilder:validation:MaxProperties=1 // +kubebuilder:validation:MinProperties=1 type InterfaceSelector struct { - // interfaces refers to a list of network interfaces to attach the BPF - // program to. + // interfacesDiscoveryConfig is an optional field that is used to control if + // and how to automatically discover interfaces. If the agent should + // automatically discover and attach eBPF programs to interfaces, use the + // fields under interfacesDiscoveryConfig to control what is allow and excluded + // from discovery. + // +optional + InterfacesDiscoveryConfig *InterfaceDiscovery `json:"interfacesDiscoveryConfig,omitempty"` + + // interfaces is an optional field and is a list of network interface names to + // attach the eBPF program. The interface names in the list are case-sensitive. // +optional - Interfaces *[]string `json:"interfaces,omitempty"` + Interfaces []string `json:"interfaces,omitempty"` - // primaryNodeInterface to attach BPF program to the primary interface on the node. Only 'true' accepted. + // primaryNodeInterface is and optional field and indicates to attach the eBPF + // program to the primary interface on the Kubernetes node. Only 'true' is + // accepted. // +optional PrimaryNodeInterface *bool `json:"primaryNodeInterface,omitempty"` } -// ClContainerSelector identifies a set of containers. For example, this can be -// used to identify a set of containers in which to attach uprobes. +// ClContainerSelector identifies a set of containers. type ClContainerSelector struct { - // namespaces indicate the target namespaces. + // namespace is an optional field and indicates the target Kubernetes + // namespace. If not provided, all Kubernetes namespaces are included. // +optional - // +kubebuilder:default:="" - Namespace string `json:"namespace"` + Namespace string `json:"namespace,omitempty"` - // pods indicate the target pods. This field must be specified, to select all pods use - // standard metav1.LabelSelector semantics and make it empty. + // pods is a required field and indicates the target pods. To select all pods + // use the standard metav1.LabelSelector semantics and make it empty. + // +required Pods metav1.LabelSelector `json:"pods"` - // containerNames indicate the Name(s) of container(s). If none are specified, all containers in the - // pod are selected. + // containerNames is an optional field and is a list of container names in a + // pod to attach the eBPF program. If no names are specified, all containers + // in the pod are selected. // +optional - ContainerNames *[]string `json:"containerNames,omitempty"` + ContainerNames []string `json:"containerNames,omitempty"` } -// ContainerSelector identifies a set of containers. It is different from ContainerSelector +// ContainerSelector identifies a set of containers. It is different from ClContainerSelector // in that "Namespace" was removed. Namespace scoped programs can only attach to the namespace -// they are created in, so namespace at this level doesn't apply. +// they are created in. type ContainerSelector struct { - // pods indicate the target pods. This field must be specified, to select all pods use - // standard metav1.LabelSelector semantics and make it empty. + // pods is a required field and indicates the target pods. To select all pods + // use the standard metav1.LabelSelector semantics and make it empty. + // +required Pods metav1.LabelSelector `json:"pods"` - // containerNames indicate the name(s) of container(s). If none are specified, all containers in the - // pod are selected. + // containerNames is an optional field and is a list of container names in a + // pod to attach the eBPF program. If no names are specified, all containers + // in the pod are selected. + // +optional + ContainerNames []string `json:"containerNames,omitempty"` +} + +// ClNetworkNamespaceSelector identifies a network namespace for network-related +// program types in the cluster-scoped ClusterBpfApplication object. +type ClNetworkNamespaceSelector struct { + // namespace is an optional field and indicates the target network namespace. + // If not provided, the default network namespace is used. // +optional - ContainerNames *[]string `json:"containerNames,omitempty"` + Namespace string `json:"namespace,omitempty"` + + // pods is a required field and indicates the target pods. To select all pods + // use the standard metav1.LabelSelector semantics and make it empty. + // +required + Pods metav1.LabelSelector `json:"pods"` +} + +// NetworkNamespaceSelector identifies a network namespace for network-related +// program types in the namespace-scoped BpfApplication object. +type NetworkNamespaceSelector struct { + // pods is a required field and indicates the target pods. To select all pods + // use the standard metav1.LabelSelector semantics and make it empty. + // +required + Pods metav1.LabelSelector `json:"pods"` } // BpfAppCommon defines the common attributes for all BpfApp programs type BpfAppCommon struct { - // nodeSelector allows the user to specify which nodes to deploy the - // bpf program to. This field must be specified, to select all nodes - // use standard metav1.LabelSelector semantics and make it empty. + // nodeSelector is a required field and allows the user to specify which + // Kubernetes nodes to deploy the eBPF programs. To select all nodes use + // standard metav1.LabelSelector semantics and make it empty. + // +required NodeSelector metav1.LabelSelector `json:"nodeSelector"` - // globalData allows the user to set global variables when the program is loaded - // with an array of raw bytes. This is a very low level primitive. The caller - // is responsible for formatting the byte string appropriately considering - // such things as size, endianness, alignment and packing of data structures. + // globalData is an optional field that allows the user to set global variables + // when the program is loaded. This allows the same compiled bytecode to be + // deployed by different BPF Applications to behave differently based on + // globalData configuration values. It uses an array of raw bytes. This is a + // very low level primitive. The caller is responsible for formatting the byte + // string appropriately considering such things as size, endianness, alignment + // and packing of data structures. // +optional GlobalData map[string][]byte `json:"globalData,omitempty"` - // bytecode configures where the bpf program's bytecode should be loaded - // from. + // bytecode is a required field and configures where the eBPF program's + // bytecode should be loaded from. The image must contain one or more + // eBPF programs. + // +required ByteCode ByteCodeSelector `json:"byteCode"` - // TODO: need to work out how MapOwnerSelector will work after load-attach-split - // mapOwnerSelector is used to select the loaded eBPF program this eBPF program - // will share a map with. + // mapOwnerSelector is an optional field used to share maps across + // applications. eBPF programs loaded with the same ClusterBpfApplication or + // BpfApplication instance do not need to use this field. This label selector + // allows maps from a different ClusterBpfApplication or BpfApplication + // instance to be used by this instance. + // TODO: mapOwnerSelector is currently not supported due to recent code rework. // +optional MapOwnerSelector *metav1.LabelSelector `json:"mapOwnerSelector,omitempty"` } -// BpfAppStatus reflects the status of a BpfApplication or BpfApplicationState object +// status reflects the status of a BPF Application and indicates if all the +// eBPF programs for a given instance loaded successfully or not. type BpfAppStatus struct { - // For a BpfApplication object, Conditions contains the global cluster state - // for the object. For a BpfApplicationState object, Conditions contains the - // state of the BpfApplication object on the given node. + // conditions contains the summary state for all eBPF programs defined in the + // BPF Application instance for all the Kubernetes nodes in the cluster. // +patchMergeKey=type // +patchStrategy=merge // +listType=map @@ -107,29 +184,35 @@ type BpfAppStatus struct { // application program type AttachInfoStateCommon struct { // shouldAttach reflects whether the attachment should exist. + // +required ShouldAttach bool `json:"shouldAttach"` // uuid is an Unique identifier for the attach point assigned by bpfman agent. + // +required UUID string `json:"uuid"` // linkId is an identifier for the link assigned by bpfman. This field is // empty until the program is successfully attached and bpfman returns the // id. - LinkId *uint32 `json:"linkId"` + // +optional + LinkId *uint32 `json:"linkId,omitempty"` // linkStatus reflects whether the attachment has been reconciled // successfully, and if not, why. + // +required LinkStatus LinkStatus `json:"linkStatus"` } type BpfProgramStateCommon struct { - // name is the name of the function that is the entry point for the BPF + // name is the name of the function that is the entry point for the eBPF // program + // +required Name string `json:"name"` // programLinkStatus reflects whether all links requested for the program // are in the correct state. + // +required ProgramLinkStatus ProgramLinkStatus `json:"programLinkStatus"` // programId is the id of the program in the kernel. Not set until the // program is loaded. // +optional - ProgramId *uint32 `json:"programId"` + ProgramId *uint32 `json:"programId,omitempty"` } // PullPolicy describes a policy for if/when to pull a container image @@ -145,43 +228,65 @@ const ( PullIfNotPresent PullPolicy = "IfNotPresent" ) -// ByteCodeSelector defines the various ways to reference bpf bytecode objects. +// ByteCodeSelector defines the various ways to reference BPF bytecode objects. +// +kubebuilder:validation:MaxProperties=1 +// +kubebuilder:validation:MinProperties=1 type ByteCodeSelector struct { - // image used to specify a bytecode container image. + // image is an optional field and used to specify details on how to retrieve an + // eBPF program packaged in a OCI container image from a given registry. // +optional Image *ByteCodeImage `json:"image,omitempty"` - // path is used to specify a bytecode object via filepath. - // +kubebuilder:validation:Pattern=`^(/[^/\0]+)+/?$` + // path is an optional field and used to specify a bytecode object file via + // filepath on a Kubernetes node. // +optional + // +kubebuilder:validation:Pattern=`^(/[^/\0]+)+/?$` Path *string `json:"path,omitempty"` } // ByteCodeImage defines how to specify a bytecode container image. type ByteCodeImage struct { - // url is a valid container image URL used to reference a remote bytecode image. + // url is a required field and is a valid container image URL used to reference + // a remote bytecode image. url must not be an empty string, must not exceed + // 525 characters in length and must be a valid URL. + // +required // +kubebuilder:validation:Required // +kubebuilder:validation:MaxLength:=525 // +kubebuilder:validation:Pattern=`[a-zA-Z0-9_][a-zA-Z0-9._-]{0,127}` Url string `json:"url"` - // pullPolicy describes a policy for if/when to pull a bytecode image. Defaults to IfNotPresent. - // +kubebuilder:default:=IfNotPresent + // pullPolicy is an optional field that describes a policy for if/when to pull + // a bytecode image. Defaults to IfNotPresent. Allowed values are: + // Always, IfNotPresent and Never + // + // When set to Always, the given image will be pulled even if the image is + // already present on the node. + // + // When set to IfNotPresent, the given image will only be pulled if it is not + // present on the node. + // + // When set to Never, the given image will never be pulled and must be + // loaded on the node by some other means. // +optional + // +kubebuilder:default:=IfNotPresent ImagePullPolicy PullPolicy `json:"imagePullPolicy,omitempty"` - // imagePullSecret is the name of the secret bpfman should use to get remote image - // repository secrets. + // imagePullSecret is an optional field and indicates the secret which contains + // the credentials to access the image repository. // +optional ImagePullSecret *ImagePullSecretSelector `json:"imagePullSecret,omitempty"` } // ImagePullSecretSelector defines the name and namespace of an image pull secret. type ImagePullSecretSelector struct { - // name of the secret which contains the credentials to access the image repository. + // name is a required field and is the name of the secret which contains the + // credentials to access the image repository. + // +required Name string `json:"name"` - // namespace of the secret which contains the credentials to access the image repository. + // namespace is a required field and is the namespace of the secret which + // contains the credentials to access the image repository. + // +required Namespace string `json:"namespace"` } @@ -198,7 +303,7 @@ const ( // the Bpf Application on all nodes in the cluster. BpfAppCondPending BpfApplicationConditionType = "Pending" - // BpfAppCondSuccess indicates that the BPF application has been + // BpfAppCondSuccess indicates that the BPF Application has been // successfully loaded and attached as requested on all nodes in the // cluster. BpfAppCondSuccess BpfApplicationConditionType = "Success" @@ -282,7 +387,7 @@ const ( // reconciling the Bpf Application on the given node. BpfAppStateCondPending BpfApplicationStateConditionType = "Pending" - // BpfAppStateCondSuccess indicates that the BPF application has been + // BpfAppStateCondSuccess indicates that the BPF Application has been // successfully loaded and attached as requested on the given node. BpfAppStateCondSuccess BpfApplicationStateConditionType = "Success" @@ -294,9 +399,14 @@ const ( // node while attempting to apply the configuration described in the CRD. BpfAppStateCondProgramListChangedError BpfApplicationStateConditionType = "ProgramListChangedError" - // BpfAppStateCondDeleteError indicates that the BPF Application was marked - // for deletion, but deletion was unsuccessful on the given node. - BpfAppStateCondDeleteError BpfApplicationStateConditionType = "DeleteError" + // BpfAppStateCondUnloadError indicates that the BPF Application was marked + // for deletion, but unloading one or more programs was unsuccessful on the + // given node. + BpfAppStateCondUnloadError BpfApplicationStateConditionType = "UnloadError" + + // BpfAppStateCondUnloaded indicates that the BPF Application was marked + // for deletion, and has been successfully unloaded. + BpfAppStateCondUnloaded BpfApplicationStateConditionType = "Unloaded" ) // Condition is a helper method to promote any given @@ -330,13 +440,21 @@ func (b BpfApplicationStateConditionType) Condition() metav1.Condition { Reason: "Error", Message: "An error has occurred", } - case BpfAppStateCondDeleteError: - condType := string(BpfAppStateCondDeleteError) + case BpfAppStateCondUnloadError: + condType := string(BpfAppStateCondUnloadError) + cond = metav1.Condition{ + Type: condType, + Status: metav1.ConditionTrue, + Reason: "Unload Error", + Message: "Unload failed for one or more programs", + } + case BpfAppStateCondUnloaded: + condType := string(BpfAppStateCondUnloaded) cond = metav1.Condition{ Type: condType, Status: metav1.ConditionTrue, - Reason: "Delete Error", - Message: "Deletion failed on one or more nodes", + Reason: "Unloaded", + Message: "The application has been successfully unloaded", } } return cond @@ -357,7 +475,7 @@ const ( AppUnloadError AppLoadStatus = "UnloadError" // The app is not selected to run on the node NotSelected AppLoadStatus = "NotSelected" - // The app is not selected to run on the node + // The program list has changed which is not allowed ProgListChangedError AppLoadStatus = "ProgramListChangedError" ) diff --git a/bpfman-operator/apis/v1alpha1/tc_program_types.go b/bpfman-operator/apis/v1alpha1/tc_program_types.go index d9f50c0420f..efe56e3d478 100644 --- a/bpfman-operator/apis/v1alpha1/tc_program_types.go +++ b/bpfman-operator/apis/v1alpha1/tc_program_types.go @@ -17,75 +17,117 @@ limitations under the License. // All fields are required unless explicitly marked optional package v1alpha1 -// TcProgramInfo defines the tc program details type TcProgramInfo struct { - // links is the list of points to which the program should be attached. The list items - // are optional and may be updated after the bpf program has been loaded + // links is an optional field and is the list of attachment points to which the + // TC program should be attached. The TC program is loaded in kernel memory + // when the BPF Application CRD is created and the selected Kubernetes nodes + // are active. The TC program will not be triggered until the program has also + // been attached to an attachment point described in this list. Items may be + // added or removed from the list at any point, causing the TC program to be + // attached or detached. + // + // The attachment point for a TC program is a network interface (or device). + // The interface can be specified by name, by allowing bpfman to discover each + // interface, or by setting the primaryNodeInterface flag, which instructs + // bpfman to use the primary interface of a Kubernetes node. Optionally, the + // TC program can also be installed into a set of network namespaces. // +optional - // +kubebuilder:default:={} - Links []TcAttachInfo `json:"links"` + Links []TcAttachInfo `json:"links,omitempty"` } type TcAttachInfo struct { - // interfaceSelector to determine the network interface (or interfaces) + // interfaceSelector is a required field and is used to determine the network + // interface (or interfaces) the TC program is attached. Interface list is set + // by providing a list of interface names, enabling auto discovery, or setting + // the primaryNodeInterface flag, but only one option is allowed. + // +required InterfaceSelector InterfaceSelector `json:"interfaceSelector"` - // containers identify the set of containers in which to attach the eBPF - // program. - Containers ContainerSelector `json:"containers"` - - // direction specifies the direction of traffic the tc program should - // attach to for a given network device. + // networkNamespaces is a required field that identifies the set of network + // namespaces in which to attach the eBPF program. + // +required + NetworkNamespaces NetworkNamespaceSelector `json:"networkNamespaces"` + + // direction is a required field and specifies the direction of traffic. + // Allowed values are: + // Ingress, Egress + // + // When set to Ingress, the TC program is triggered when packets are received + // by the interface. + // + // When set to Egress, the TC program is triggered when packets are to be + // transmitted by the interface. + // +required // +kubebuilder:validation:Enum=Ingress;Egress Direction TCDirectionType `json:"direction"` - // priority specifies the priority of the tc program in relation to - // other programs of the same type with the same attach point. It is a value - // from 0 to 1000 where lower values have higher precedence. + // priority is an optional field and determines the execution order of the TC + // program relative to other TC programs attached to the same attachment point. + // It must be a value between 0 and 1000, where lower values indicate higher + // precedence. For TC programs on the same attachment point with the same + // direction and priority, the most recently attached program has a lower + // precedence. If not provided, priority will default to 1000. + // +optional // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=1000 - Priority int32 `json:"priority"` - - // proceedOn allows the user to call other tc programs in chain on this exit code. - // Multiple values are supported by repeating the parameter. + // +kubebuilder:default:=1000 + Priority int32 `json:"priority,omitempty"` + + // proceedOn is an optional field and allows the user to call other TC programs + // in a chain, or not call the next program in a chain based on the exit code + // of a TC program. Allowed values, which are the possible exit codes from a TC + // eBPF program, are: + // UnSpec, OK, ReClassify, Shot, Pipe, Stolen, Queued, Repeat, ReDirect, + // Trap, DispatcherReturn + // + // Multiple values are supported. Default is OK, Pipe and DispatcherReturn. So + // using the default values, if a TC program returns Pipe, the next TC + // program in the chain will be called. If a TC program returns Stolen, the + // next TC program in the chain will NOT be called. // +optional // +kubebuilder:default:={Pipe,DispatcherReturn} - ProceedOn []TcProceedOnValue `json:"proceedOn"` + ProceedOn []TcProceedOnValue `json:"proceedOn,omitempty"` } type TcProgramInfoState struct { - // links is the List of attach points for the BPF program on the given node. Each entry - // in *AttachInfoState represents a specific, unique attach point that is - // derived from *AttachInfo by fully expanding any selectors. Each entry - // also contains information about the attach point required by the - // reconciler + // links is a list of attachment points for the TC program. Each entry in the + // list includes a linkStatus, which indicates if the attachment was successful + // or not on this node, a linkId, which is the kernel ID for the link if + // successfully attached, and other attachment specific data. // +optional - // +kubebuilder:default:={} - Links []TcAttachInfoState `json:"links"` + Links []TcAttachInfoState `json:"links,omitempty"` } type TcAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // interfaceName is the Interface name to attach the tc program to. + // interfaceName is the name of the interface the TC program should be + // attached. + // +required InterfaceName string `json:"interfaceName"` - // containerPid is the Container pid to attach the tc program in. - ContainerPid int32 `json:"containerPid"` + // netnsPath is the path to the network namespace inside of which the TC + // program should be attached. + // +required + NetnsPath string `json:"netnsPath"` - // direction specifies the direction of traffic the tc program should - // attach to for a given network device. + // direction is the provisioned direction of traffic, Ingress or Egress, the TC + // program should be attached for a given network device. + // +required // +kubebuilder:validation:Enum=Ingress;Egress Direction TCDirectionType `json:"direction"` - // priority specifies the priority of the tc program in relation to - // other programs of the same type with the same attach point. It is a value - // from 0 to 1000 where lower values have higher precedence. + // priority is the provisioned priority of the TC program in relation to other + // programs of the same type with the same attach point. It is a value from 0 + // to 1000, where lower values have higher precedence. + // +required // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=1000 Priority int32 `json:"priority"` - // proceedOn allows the user to call other tc programs in chain on this exit code. - // Multiple values are supported by repeating the parameter. + // proceedOn is the provisioned list of proceedOn values. proceedOn allows the + // user to call other TC programs in a chain, or not call the next program in a + // chain based on the exit code of a TC program .Multiple values are supported. + // +required ProceedOn []TcProceedOnValue `json:"proceedOn"` } diff --git a/bpfman-operator/apis/v1alpha1/tcx_program_types.go b/bpfman-operator/apis/v1alpha1/tcx_program_types.go index 0771df9ec49..9c0b547291c 100644 --- a/bpfman-operator/apis/v1alpha1/tcx_program_types.go +++ b/bpfman-operator/apis/v1alpha1/tcx_program_types.go @@ -19,62 +19,94 @@ package v1alpha1 // TcxProgramInfo defines the tcx program details type TcxProgramInfo struct { - // links is The list of points to which the program should be attached. The list items - // are optional and may be updated after the bpf program has been loaded + // links is an optional field and is the list of attachment points to which the + // TCX program should be attached. The TCX program is loaded in kernel memory + // when the BPF Application CRD is created and the selected Kubernetes nodes + // are active. The TCX program will not be triggered until the program has also + // been attached to an attachment point described in this list. Items may be + // added or removed from the list at any point, causing the TCX program to be + // attached or detached. + // + // The attachment point for a TCX program is a network interface (or device). + // The interface can be specified by name, by allowing bpfman to discover each + // interface, or by setting the primaryNodeInterface flag, which instructs + // bpfman to use the primary interface of a Kubernetes node. Optionally, the + // TCX program can also be installed into a set of network namespaces. // +optional - // +kubebuilder:default:={} - Links []TcxAttachInfo `json:"links"` + Links []TcxAttachInfo `json:"links,omitempty"` } type TcxAttachInfo struct { - // interfaceSelector to determine the network interface (or interfaces) + // interfaceSelector is a required field and is used to determine the network + // interface (or interfaces) the TCX program is attached. Interface list is set + // by providing a list of interface names, enabling auto discovery, or setting + // the primaryNodeInterface flag, but only one option is allowed. + // +required InterfaceSelector InterfaceSelector `json:"interfaceSelector"` - // containers identify the set of containers in which to attach the eBPF - // program. - Containers ContainerSelector `json:"containers"` + // networkNamespaces is a required field that identifies the set of network + // namespaces in which to attach the eBPF program. + // +required + NetworkNamespaces NetworkNamespaceSelector `json:"networkNamespaces"` - // direction specifies the direction of traffic the tcx program should - // attach to for a given network device. + // direction is a required field and specifies the direction of traffic. + // Allowed values are: + // Ingress, Egress + // + // When set to Ingress, the TC program is triggered when packets are received + // by the interface. + // + // When set to Egress, the TC program is triggered when packets are to be + // transmitted by the interface. + // +required // +kubebuilder:validation:Enum=Ingress;Egress Direction TCDirectionType `json:"direction"` - // priority specifies the priority of the tcx program in relation to - // other programs of the same type with the same attach point. It is a value - // from 0 to 1000 where lower values have higher precedence. + // priority is an optional field and determines the execution order of the TCX + // program relative to other TCX programs attached to the same attachment + // point. It must be a value between 0 and 1000, where lower values indicate + // higher precedence. For TCX programs on the same attachment point with the + // same direction and priority, the most recently attached program has a lower + // precedence. If not provided, priority will default to 1000. + // +optional // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=1000 - Priority int32 `json:"priority"` + // +kubebuilder:default:=1000 + Priority int32 `json:"priority,omitempty"` } type TcxProgramInfoState struct { - // links is the List of attach points for the BPF program on the given node. Each entry - // in *AttachInfoState represents a specific, unique attach point that is - // derived from *AttachInfo by fully expanding any selectors. Each entry - // also contains information about the attach point required by the - // reconciler + // links is a list of attachment points for the TCX program. Each entry in the + // list includes a linkStatus, which indicates if the attachment was successful + // or not on this node, a linkId, which is the kernel ID for the link if + // successfully attached, and other attachment specific data. // +optional - // +kubebuilder:default:={} - Links []TcxAttachInfoState `json:"links"` + Links []TcxAttachInfoState `json:"links,omitempty"` } type TcxAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // interfaceName is the Interface name to attach the tc program to. + // interfaceName is the name of the interface the TCX program should be + // attached. + // +required InterfaceName string `json:"interfaceName"` - // containerPid is the container pid to attach the tcx program in. - ContainerPid int32 `json:"containerPid"` + // netnsPath is the path to the network namespace inside of which the TCX + // program should be attached. + // +required + NetnsPath string `json:"netnsPath"` - // direction specifies the direction of traffic the tcx program should - // attach to for a given network device. + // direction is the provisioned direction of traffic, Ingress or Egress, the + // TCX program should be attached for a given network device. + // +required // +kubebuilder:validation:Enum=Ingress;Egress Direction TCDirectionType `json:"direction"` - // priority specifies the priority of the tcx program in relation to - // other programs of the same type with the same attach point. It is a value - // from 0 to 1000 where lower values have higher precedence. + // priority is the provisioned priority of the TCX program in relation to other + // programs of the same type with the same attach point. It is a value from 0 + // to 1000, where lower values have higher precedence. + // +required // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=1000 Priority int32 `json:"priority"` diff --git a/bpfman-operator/apis/v1alpha1/uprobe_program_types.go b/bpfman-operator/apis/v1alpha1/uprobe_program_types.go index 0e0e6ec3579..9176a452068 100644 --- a/bpfman-operator/apis/v1alpha1/uprobe_program_types.go +++ b/bpfman-operator/apis/v1alpha1/uprobe_program_types.go @@ -17,73 +17,97 @@ limitations under the License. // All fields are required unless explicitly marked optional package v1alpha1 -// UprobeProgramInfo contains the information for the uprobe program type UprobeProgramInfo struct { - // links is The list of points to which the program should be attached. The list items - // are optional and may be updated after the bpf program has been loaded + // links is an optional field and is the list of attachment points to which the + // UProbe or URetProbe program should be attached. The eBPF program is loaded + // in kernel memory when the BPF Application CRD is created and the selected + // Kubernetes nodes are active. The eBPF program will not be triggered until + // the program has also been attached to an attachment point described in this + // list. Items may be added or removed from the list at any point, causing the + // eBPF program to be attached or detached. + // + // The attachment point for a UProbe and URetProbe program is a user-space + // binary or function. By default, the eBPF program is triggered at the entry + // of the attachment point, but the attachment point can be adjusted using an + // optional function name and/or offset. Optionally, the eBPF program can be + // installed in a set of containers or limited to a specified PID. // +optional - // +kubebuilder:default:={} - Links []UprobeAttachInfo `json:"links"` + Links []UprobeAttachInfo `json:"links,omitempty"` } type UprobeAttachInfo struct { - // function to attach the uprobe to. + // function is an optional field and specifies the name of a user-space function + // to attach the UProbe or URetProbe program. If not provided, the eBPF program + // will be triggered on the entry of the target. function must not be an empty + // string, must not exceed 64 characters in length, must start with alpha + // characters and must only contain alphanumeric characters. // +optional // +kubebuilder:validation:Pattern="^[a-zA-Z][a-zA-Z0-9_]+." // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=64 - Function string `json:"function"` + Function string `json:"function,omitempty"` - // offset added to the address of the function for uprobe. + // offset is an optional field and the value is added to the address of the + // attachment point function. If not provided, offset defaults to 0. // +optional // +kubebuilder:default:=0 Offset uint64 `json:"offset"` - // target is the Library name or the absolute path to a binary or library. + // target is a required field and is the user-space library name or the + // absolute path to a binary or library. + // +required Target string `json:"target"` - // pid is only execute uprobe for given process identification number (PID). If PID - // is not provided, uprobe executes for all PIDs. + // pid is an optional field and if provided, limits the execution of the UProbe + // or URetProbe to the provided process identification number (PID). If pid is + // not provided, the UProbe or URetProbe executes for all PIDs. // +optional - Pid *int32 `json:"pid"` + Pid *int32 `json:"pid,omitempty"` - // containers identify the set of containers in which to attach the + // containers is an optional field that identifies the set of containers in + // which to attach the UProbe or URetProbe program. If containers is not + // specified, the eBPF program will be attached in the bpfman container. // uprobe. Containers ContainerSelector `json:"containers"` } type UprobeProgramInfoState struct { - // List of attach points for the BPF program on the given node. Each entry - // in *AttachInfoState represents a specific, unique attach point that is - // derived from *AttachInfo by fully expanding any selectors. Each entry - // also contains information about the attach point required by the - // reconciler + // links is a list of attachment points for the UProbe program. Each entry in + // the list includes a linkStatus, which indicates if the attachment was + // successful or not on this node, a linkId, which is the kernel ID for the + // link if successfully attached, and other attachment specific data. // +optional - // +kubebuilder:default:={} - Links []UprobeAttachInfoState `json:"links"` + Links []UprobeAttachInfoState `json:"links,omitempty"` } type UprobeAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // function to attach the uprobe to. + // function is the provisioned name of the user-space function the UProbe + // program should be attached. // +optional - Function string `json:"function"` + Function string `json:"function,omitempty"` - // offset added to the address of the function for uprobe. + // offset is the provisioned offset, whose value is added to the address of the + // attachment point function. // +optional // +kubebuilder:default:=0 Offset uint64 `json:"offset"` - // target is the library name or the absolute path to a binary or library. + // target is the provisioned user-space library name or the absolute path to a + // binary or library. + // +required Target string `json:"target"` - // pid is Only execute uprobe for given process identification number (PID). If PID - // is not provided, uprobe executes for all PIDs. + // pid is the provisioned pid. If set, pid limits the execution of the UProbe + // or URetProbe to the provided process identification number (PID). If pid is + // not provided, the UProbe or URetProbe executes for all PIDs. // +optional - Pid *int32 `json:"pid"` + Pid *int32 `json:"pid,omitempty"` - // containerPid is container pid to attach the uprobe program in. + // If containers is provisioned in the BpfApplication instance, containerPid is + // the derived PID of the container the UProbe or URetProbe this attachment + // point is attached. // +optional - ContainerPid int32 `json:"containerPid"` + ContainerPid int32 `json:"containerPid,omitempty"` } diff --git a/bpfman-operator/apis/v1alpha1/xdp_program_types.go b/bpfman-operator/apis/v1alpha1/xdp_program_types.go index c8e16d1416d..872c053ffba 100644 --- a/bpfman-operator/apis/v1alpha1/xdp_program_types.go +++ b/bpfman-operator/apis/v1alpha1/xdp_program_types.go @@ -17,65 +17,96 @@ limitations under the License. // All fields are required unless explicitly marked optional package v1alpha1 -// XdpProgramInfo contains the xdp program details type XdpProgramInfo struct { - // links is the list of points to which the program should be attached. The list items - // are optional and may be udated after the bpf program has been loaded + // links is an optional field and is the list of attachment points to which the + // XDP program should be attached. The XDP program is loaded in kernel memory + // when the BPF Application CRD is created and the selected Kubernetes nodes + // are active. The XDP program will not be triggered until the program has also + // been attached to an attachment point described in this list. Items may be + // added or removed from the list at any point, causing the XDP program to be + // attached or detached. + // + // The attachment point for a XDP program is a network interface (or device). + // The interface can be specified by name, by allowing bpfman to discover each + // interface, or by setting the primaryNodeInterface flag, which instructs + // bpfman to use the primary interface of a Kubernetes node. // +optional - // +kubebuilder:default:={} - Links []XdpAttachInfo `json:"links"` + Links []XdpAttachInfo `json:"links,omitempty"` } type XdpAttachInfo struct { - // interfaceSelector to determine the network interface (or interfaces) + // interfaceSelector is a required field and is used to determine the network + // interface (or interfaces) the XDP program is attached. Interface list is set + // by providing a list of interface names, enabling auto discovery, or setting + // the primaryNodeInterface flag, but only one option is allowed. + // +required InterfaceSelector InterfaceSelector `json:"interfaceSelector"` - // containers identify the set of containers in which to attach the eBPF - // program. - Containers ContainerSelector `json:"containers"` + // networkNamespaces is a required field that identifies the set of network + // namespaces in which to attach the eBPF program. + // +required + NetworkNamespaces NetworkNamespaceSelector `json:"networkNamespaces"` - // priority specifies the priority of the bpf program in relation to - // other programs of the same type with the same attach point. It is a value - // from 0 to 1000 where lower values have higher precedence. + // priority is an optional field and determines the execution order of the XDP + // program relative to other XDP programs attached to the same attachment + // point. It must be a value between 0 and 1000, where lower values indicate + // higher precedence. For XDP programs on the same attachment point with the + // same priority, the most recently attached program has a lower precedence. + // If not provided, priority will default to 1000. + // +optional // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=1000 - Priority int32 `json:"priority"` + // +kubebuilder:default:=1000 + Priority int32 `json:"priority,omitempty"` - // proceedOn allows the user to call other xdp programs in chain on this exit code. - // Multiple values are supported by repeating the parameter. + // proceedOn is an optional field and allows the user to call other XDP + // programs in a chain, or not call the next program in a chain based on the + // exit code of an XDP program. Allowed values, which are the possible exit + // codes from an XDP eBPF program, are: + // Aborted, Drop, Pass, TX, ReDirect,DispatcherReturn + // + // Multiple values are supported. Default is Pass and DispatcherReturn. So + // using the default values, if an XDP program returns Pass, the next XDP + // program in the chain will be called. If an XDP program returns Drop, the + // next XDP program in the chain will NOT be called. // +optional // +kubebuilder:default:={Pass,DispatcherReturn} - ProceedOn []XdpProceedOnValue `json:"proceedOn"` + ProceedOn []XdpProceedOnValue `json:"proceedOn,omitempty"` } type XdpProgramInfoState struct { - // links is the list of attach points for the BPF program on the given node. Each entry - // in *AttachInfoState represents a specific, unique attach point that is - // derived from *AttachInfo by fully expanding any selectors. Each entry - // also contains information about the attach point required by the - // reconciler + // links is a list of attachment points for the XDP program. Each entry in the + // list includes a linkStatus, which indicates if the attachment was successful + // or not on this node, a linkId, which is the kernel ID for the link if + // successfully attached, and other attachment specific data. // +optional - // +kubebuilder:default:={} - Links []XdpAttachInfoState `json:"links"` + Links []XdpAttachInfoState `json:"links,omitempty"` } type XdpAttachInfoState struct { AttachInfoStateCommon `json:",inline"` - // interfaceName is the interface name to attach the xdp program to. + // interfaceName is the name of the interface the XDP program should be + // attached. + // +required InterfaceName string `json:"interfaceName"` - // containerPid Container pid to attach the xdp program in. - ContainerPid int32 `json:"containerPid"` + // netnsPath is the path to the network namespace inside of which the XDP + // program should be attached. + // +required + NetnsPath string `json:"netnsPath"` - // priority specifies the priority of the xdp program in relation to - // other programs of the same type with the same attach point. It is a value - // from 0 to 1000 where lower values have higher precedence. + // priority is the provisioned priority of the XDP program in relation to other + // programs of the same type with the same attach point. It is a value from 0 + // to 1000, where lower values have higher precedence. + // +required // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=1000 Priority int32 `json:"priority"` - // proceedOn allows the user to call other xdp programs in chain on this exit code. - // Multiple values are supported by repeating the parameter. + // proceedOn is the provisioned list of proceedOn values. proceedOn allows the + // user to call other TC programs in a chain, or not call the next program in a + // chain based on the exit code of a TC program .Multiple values are supported. + // +required ProceedOn []XdpProceedOnValue `json:"proceedOn"` } diff --git a/bpfman-operator/apis/v1alpha1/zz_generated.deepcopy.go b/bpfman-operator/apis/v1alpha1/zz_generated.deepcopy.go index 00942b9861b..48d1c7e48d8 100644 --- a/bpfman-operator/apis/v1alpha1/zz_generated.deepcopy.go +++ b/bpfman-operator/apis/v1alpha1/zz_generated.deepcopy.go @@ -273,7 +273,6 @@ func (in *BpfApplicationState) DeepCopyInto(out *BpfApplicationState) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) in.Status.DeepCopyInto(&out.Status) } @@ -328,7 +327,7 @@ func (in *BpfApplicationStateList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *BpfApplicationStateSpec) DeepCopyInto(out *BpfApplicationStateSpec) { +func (in *BpfApplicationStateStatus) DeepCopyInto(out *BpfApplicationStateStatus) { *out = *in if in.Programs != nil { in, out := &in.Programs, &out.Programs @@ -337,14 +336,21 @@ func (in *BpfApplicationStateSpec) DeepCopyInto(out *BpfApplicationStateSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfApplicationStateSpec. -func (in *BpfApplicationStateSpec) DeepCopy() *BpfApplicationStateSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfApplicationStateStatus. +func (in *BpfApplicationStateStatus) DeepCopy() *BpfApplicationStateStatus { if in == nil { return nil } - out := new(BpfApplicationStateSpec) + out := new(BpfApplicationStateStatus) in.DeepCopyInto(out) return out } @@ -569,7 +575,7 @@ func (in *ClBpfApplicationSpec) DeepCopy() *ClBpfApplicationSpec { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClBpfApplicationStateSpec) DeepCopyInto(out *ClBpfApplicationStateSpec) { +func (in *ClBpfApplicationStateStatus) DeepCopyInto(out *ClBpfApplicationStateStatus) { *out = *in if in.Programs != nil { in, out := &in.Programs, &out.Programs @@ -578,14 +584,21 @@ func (in *ClBpfApplicationStateSpec) DeepCopyInto(out *ClBpfApplicationStateSpec (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClBpfApplicationStateSpec. -func (in *ClBpfApplicationStateSpec) DeepCopy() *ClBpfApplicationStateSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClBpfApplicationStateStatus. +func (in *ClBpfApplicationStateStatus) DeepCopy() *ClBpfApplicationStateStatus { if in == nil { return nil } - out := new(ClBpfApplicationStateSpec) + out := new(ClBpfApplicationStateStatus) in.DeepCopyInto(out) return out } @@ -596,12 +609,8 @@ func (in *ClContainerSelector) DeepCopyInto(out *ClContainerSelector) { in.Pods.DeepCopyInto(&out.Pods) if in.ContainerNames != nil { in, out := &in.ContainerNames, &out.ContainerNames - *out = new([]string) - if **in != nil { - in, out := *in, *out - *out = make([]string, len(*in)) - copy(*out, *in) - } + *out = make([]string, len(*in)) + copy(*out, *in) } } @@ -941,13 +950,29 @@ func (in *ClKretprobeProgramInfoState) DeepCopy() *ClKretprobeProgramInfoState { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClNetworkNamespaceSelector) DeepCopyInto(out *ClNetworkNamespaceSelector) { + *out = *in + in.Pods.DeepCopyInto(&out.Pods) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClNetworkNamespaceSelector. +func (in *ClNetworkNamespaceSelector) DeepCopy() *ClNetworkNamespaceSelector { + if in == nil { + return nil + } + out := new(ClNetworkNamespaceSelector) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClTcAttachInfo) DeepCopyInto(out *ClTcAttachInfo) { *out = *in in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) - if in.Containers != nil { - in, out := &in.Containers, &out.Containers - *out = new(ClContainerSelector) + if in.NetworkNamespaces != nil { + in, out := &in.NetworkNamespaces, &out.NetworkNamespaces + *out = new(ClNetworkNamespaceSelector) (*in).DeepCopyInto(*out) } if in.ProceedOn != nil { @@ -971,11 +996,6 @@ func (in *ClTcAttachInfo) DeepCopy() *ClTcAttachInfo { func (in *ClTcAttachInfoState) DeepCopyInto(out *ClTcAttachInfoState) { *out = *in in.AttachInfoStateCommon.DeepCopyInto(&out.AttachInfoStateCommon) - if in.ContainerPid != nil { - in, out := &in.ContainerPid, &out.ContainerPid - *out = new(int32) - **out = **in - } if in.ProceedOn != nil { in, out := &in.ProceedOn, &out.ProceedOn *out = make([]TcProceedOnValue, len(*in)) @@ -1041,9 +1061,9 @@ func (in *ClTcProgramInfoState) DeepCopy() *ClTcProgramInfoState { func (in *ClTcxAttachInfo) DeepCopyInto(out *ClTcxAttachInfo) { *out = *in in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) - if in.Containers != nil { - in, out := &in.Containers, &out.Containers - *out = new(ClContainerSelector) + if in.NetworkNamespaces != nil { + in, out := &in.NetworkNamespaces, &out.NetworkNamespaces + *out = new(ClNetworkNamespaceSelector) (*in).DeepCopyInto(*out) } } @@ -1062,11 +1082,6 @@ func (in *ClTcxAttachInfo) DeepCopy() *ClTcxAttachInfo { func (in *ClTcxAttachInfoState) DeepCopyInto(out *ClTcxAttachInfoState) { *out = *in in.AttachInfoStateCommon.DeepCopyInto(&out.AttachInfoStateCommon) - if in.ContainerPid != nil { - in, out := &in.ContainerPid, &out.ContainerPid - *out = new(int32) - **out = **in - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClTcxAttachInfoState. @@ -1295,9 +1310,9 @@ func (in *ClUprobeProgramInfoState) DeepCopy() *ClUprobeProgramInfoState { func (in *ClXdpAttachInfo) DeepCopyInto(out *ClXdpAttachInfo) { *out = *in in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) - if in.Containers != nil { - in, out := &in.Containers, &out.Containers - *out = new(ClContainerSelector) + if in.NetworkNamespaces != nil { + in, out := &in.NetworkNamespaces, &out.NetworkNamespaces + *out = new(ClNetworkNamespaceSelector) (*in).DeepCopyInto(*out) } if in.ProceedOn != nil { @@ -1321,11 +1336,6 @@ func (in *ClXdpAttachInfo) DeepCopy() *ClXdpAttachInfo { func (in *ClXdpAttachInfoState) DeepCopyInto(out *ClXdpAttachInfoState) { *out = *in in.AttachInfoStateCommon.DeepCopyInto(&out.AttachInfoStateCommon) - if in.ContainerPid != nil { - in, out := &in.ContainerPid, &out.ContainerPid - *out = new(int32) - **out = **in - } if in.ProceedOn != nil { in, out := &in.ProceedOn, &out.ProceedOn *out = make([]XdpProceedOnValue, len(*in)) @@ -1451,7 +1461,6 @@ func (in *ClusterBpfApplicationState) DeepCopyInto(out *ClusterBpfApplicationSta *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) in.Status.DeepCopyInto(&out.Status) } @@ -1511,12 +1520,8 @@ func (in *ContainerSelector) DeepCopyInto(out *ContainerSelector) { in.Pods.DeepCopyInto(&out.Pods) if in.ContainerNames != nil { in, out := &in.ContainerNames, &out.ContainerNames - *out = new([]string) - if **in != nil { - in, out := *in, *out - *out = make([]string, len(*in)) - copy(*out, *in) - } + *out = make([]string, len(*in)) + copy(*out, *in) } } @@ -1545,17 +1550,48 @@ func (in *ImagePullSecretSelector) DeepCopy() *ImagePullSecretSelector { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InterfaceDiscovery) DeepCopyInto(out *InterfaceDiscovery) { + *out = *in + if in.InterfaceAutoDiscovery != nil { + in, out := &in.InterfaceAutoDiscovery, &out.InterfaceAutoDiscovery + *out = new(bool) + **out = **in + } + if in.ExcludeInterfaces != nil { + in, out := &in.ExcludeInterfaces, &out.ExcludeInterfaces + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.AllowedInterfaces != nil { + in, out := &in.AllowedInterfaces, &out.AllowedInterfaces + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InterfaceDiscovery. +func (in *InterfaceDiscovery) DeepCopy() *InterfaceDiscovery { + if in == nil { + return nil + } + out := new(InterfaceDiscovery) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InterfaceSelector) DeepCopyInto(out *InterfaceSelector) { *out = *in + if in.InterfacesDiscoveryConfig != nil { + in, out := &in.InterfacesDiscoveryConfig, &out.InterfacesDiscoveryConfig + *out = new(InterfaceDiscovery) + (*in).DeepCopyInto(*out) + } if in.Interfaces != nil { in, out := &in.Interfaces, &out.Interfaces - *out = new([]string) - if **in != nil { - in, out := *in, *out - *out = make([]string, len(*in)) - copy(*out, *in) - } + *out = make([]string, len(*in)) + copy(*out, *in) } if in.PrimaryNodeInterface != nil { in, out := &in.PrimaryNodeInterface, &out.PrimaryNodeInterface @@ -1574,11 +1610,27 @@ func (in *InterfaceSelector) DeepCopy() *InterfaceSelector { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkNamespaceSelector) DeepCopyInto(out *NetworkNamespaceSelector) { + *out = *in + in.Pods.DeepCopyInto(&out.Pods) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkNamespaceSelector. +func (in *NetworkNamespaceSelector) DeepCopy() *NetworkNamespaceSelector { + if in == nil { + return nil + } + out := new(NetworkNamespaceSelector) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TcAttachInfo) DeepCopyInto(out *TcAttachInfo) { *out = *in in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) - in.Containers.DeepCopyInto(&out.Containers) + in.NetworkNamespaces.DeepCopyInto(&out.NetworkNamespaces) if in.ProceedOn != nil { in, out := &in.ProceedOn, &out.ProceedOn *out = make([]TcProceedOnValue, len(*in)) @@ -1665,7 +1717,7 @@ func (in *TcProgramInfoState) DeepCopy() *TcProgramInfoState { func (in *TcxAttachInfo) DeepCopyInto(out *TcxAttachInfo) { *out = *in in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) - in.Containers.DeepCopyInto(&out.Containers) + in.NetworkNamespaces.DeepCopyInto(&out.NetworkNamespaces) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcxAttachInfo. @@ -1828,7 +1880,7 @@ func (in *UprobeProgramInfoState) DeepCopy() *UprobeProgramInfoState { func (in *XdpAttachInfo) DeepCopyInto(out *XdpAttachInfo) { *out = *in in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) - in.Containers.DeepCopyInto(&out.Containers) + in.NetworkNamespaces.DeepCopyInto(&out.NetworkNamespaces) if in.ProceedOn != nil { in, out := &in.ProceedOn, &out.ProceedOn *out = make([]XdpProceedOnValue, len(*in))