From 9d6abf7e553174877be57d98770831478ee11456 Mon Sep 17 00:00:00 2001 From: Mohamed Mahmoud Date: Tue, 29 Oct 2024 12:45:33 -0400 Subject: [PATCH 1/3] SDN-5393: intg netobserv operator with bpfman to manage ebpf programs Signed-off-by: Mohamed Mahmoud --- .../v1beta1/flowcollector_types.go | 5 +- .../v1beta2/flowcollector_types.go | 6 +- .../flows.netobserv.io_flowcollectors.yaml | 7 + ...observ-operator.clusterserviceversion.yaml | 12 + .../flows.netobserv.io_flowcollectors.yaml | 7 + config/rbac/role.yaml | 12 + .../samples/flows_v1beta2_flowcollector.yaml | 1 + controllers/ebpf/agent_controller.go | 60 +- controllers/ebpf/bpfmanager-controller.go | 260 ++++ docs/FlowCollector.md | 7 +- go.mod | 6 +- go.sum | 9 +- main.go | 4 +- pkg/helper/flowcollector.go | 3 + pkg/manager/manager.go | 1 + .../github.com/bpfman/bpfman-operator/LICENSE | 201 +++ .../apis/v1alpha1/bpfapplication_types.go | 168 ++ .../apis/v1alpha1/bpfprogram_types.go | 71 + .../bpfman-operator/apis/v1alpha1/doc.go | 21 + .../apis/v1alpha1/fentryProgram_types.go | 70 + .../apis/v1alpha1/fexitProgram_types.go | 70 + .../apis/v1alpha1/kprobeProgram_types.go | 91 ++ .../apis/v1alpha1/shared_types.go | 368 +++++ .../apis/v1alpha1/tcProgram_types.go | 95 ++ .../apis/v1alpha1/tcxProgram_types.go | 85 ++ .../apis/v1alpha1/tracepointProgram_types.go | 72 + .../apis/v1alpha1/uprobeProgram_types.go | 107 ++ .../apis/v1alpha1/xdpProgram_types.go | 89 ++ .../apis/v1alpha1/zz_generated.deepcopy.go | 1357 +++++++++++++++++ .../apis/v1alpha1/zz_generated.register.go | 88 ++ vendor/golang.org/x/time/LICENSE | 4 +- vendor/k8s.io/klog/.travis.yml | 16 + vendor/k8s.io/klog/CONTRIBUTING.md | 22 + vendor/k8s.io/klog/LICENSE | 191 +++ vendor/k8s.io/klog/OWNERS | 19 + vendor/k8s.io/klog/README.md | 97 ++ vendor/k8s.io/klog/RELEASE.md | 9 + vendor/k8s.io/klog/SECURITY_CONTACTS | 20 + vendor/k8s.io/klog/code-of-conduct.md | 3 + vendor/k8s.io/klog/klog.go | 1308 ++++++++++++++++ vendor/k8s.io/klog/klog_file.go | 139 ++ vendor/modules.txt | 8 +- 42 files changed, 5172 insertions(+), 17 deletions(-) create mode 100644 controllers/ebpf/bpfmanager-controller.go create mode 100644 vendor/github.com/bpfman/bpfman-operator/LICENSE create mode 100644 vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/bpfapplication_types.go create mode 100644 vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/bpfprogram_types.go create mode 100644 vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/doc.go create mode 100644 vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/fentryProgram_types.go create mode 100644 vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/fexitProgram_types.go create mode 100644 vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/kprobeProgram_types.go create mode 100644 vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/shared_types.go create mode 100644 vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/tcProgram_types.go create mode 100644 vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/tcxProgram_types.go create mode 100644 vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/tracepointProgram_types.go create mode 100644 vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/uprobeProgram_types.go create mode 100644 vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/xdpProgram_types.go create mode 100644 vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/zz_generated.deepcopy.go create mode 100644 vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/zz_generated.register.go create mode 100644 vendor/k8s.io/klog/.travis.yml create mode 100644 vendor/k8s.io/klog/CONTRIBUTING.md create mode 100644 vendor/k8s.io/klog/LICENSE create mode 100644 vendor/k8s.io/klog/OWNERS create mode 100644 vendor/k8s.io/klog/README.md create mode 100644 vendor/k8s.io/klog/RELEASE.md create mode 100644 vendor/k8s.io/klog/SECURITY_CONTACTS create mode 100644 vendor/k8s.io/klog/code-of-conduct.md create mode 100644 vendor/k8s.io/klog/klog.go create mode 100644 vendor/k8s.io/klog/klog_file.go diff --git a/apis/flowcollector/v1beta1/flowcollector_types.go b/apis/flowcollector/v1beta1/flowcollector_types.go index f1c32d90c..b02970751 100644 --- a/apis/flowcollector/v1beta1/flowcollector_types.go +++ b/apis/flowcollector/v1beta1/flowcollector_types.go @@ -153,7 +153,8 @@ type FlowCollectorIPFIX struct { // - `FlowRTT`, to track TCP latency [Unsupported (*)].
// - `NetworkEvents`, to track Network events.
// - `PacketTranslation`, to enrich flows with packets translation information.
-// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"NetworkEvents";"PacketTranslation" +// - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].
+// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"NetworkEvents";"PacketTranslation";"EbpfManager" type AgentFeature string const ( @@ -162,6 +163,7 @@ const ( FlowRTT AgentFeature = "FlowRTT" NetworkEvents AgentFeature = "NetworkEvents" PacketTranslation AgentFeature = "PacketTranslation" + EbpfManager AgentFeature = "EbpfManager" ) // Name of an eBPF agent alert. @@ -339,6 +341,7 @@ type FlowCollectorEBPF struct { // - `NetworkEvents`: enable the Network events monitoring feature. This feature requires mounting // the kernel debug filesystem, so the eBPF pod has to run as privileged. // - `PacketTranslation`: enable enriching flows with packet's translation information.
+ // - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.
// +optional Features []AgentFeature `json:"features,omitempty"` diff --git a/apis/flowcollector/v1beta2/flowcollector_types.go b/apis/flowcollector/v1beta2/flowcollector_types.go index aa4955c6a..32f100a17 100644 --- a/apis/flowcollector/v1beta2/flowcollector_types.go +++ b/apis/flowcollector/v1beta2/flowcollector_types.go @@ -176,7 +176,8 @@ type FlowCollectorIPFIX struct { // - `FlowRTT`, to track TCP latency.
// - `NetworkEvents`, to track Network events [Developer Preview].
// - `PacketTranslation`, to enrich flows with packets translation information.
-// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"NetworkEvents";"PacketTranslation" +// - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].
+// +kubebuilder:validation:Enum:="PacketDrop";"DNSTracking";"FlowRTT";"NetworkEvents";"PacketTranslation";"EbpfManager" type AgentFeature string const ( @@ -185,6 +186,7 @@ const ( FlowRTT AgentFeature = "FlowRTT" NetworkEvents AgentFeature = "NetworkEvents" PacketTranslation AgentFeature = "PacketTranslation" + EbpfManager AgentFeature = "EbpfManager" ) // Name of an eBPF agent alert. @@ -365,6 +367,8 @@ type FlowCollectorEBPF struct { // It requires using the OVN-Kubernetes network plugin with the Observability feature. // IMPORTANT: This feature is available as a Developer Preview.
// - `PacketTranslation`: enable enriching flows with packet's translation information.
+ // - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.
+ // IMPORTANT: This feature is available as a Developer Preview.
// +optional Features []AgentFeature `json:"features,omitempty"` diff --git a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml index 323af2f1f..d883e8fe2 100644 --- a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml +++ b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml @@ -136,6 +136,7 @@ spec: - `NetworkEvents`: enable the Network events monitoring feature. This feature requires mounting the kernel debug filesystem, so the eBPF pod has to run as privileged. - `PacketTranslation`: enable enriching flows with packet's translation information.
+ - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.
items: description: |- Agent feature, can be one of:
@@ -144,12 +145,14 @@ spec: - `FlowRTT`, to track TCP latency [Unsupported (*)].
- `NetworkEvents`, to track Network events.
- `PacketTranslation`, to enrich flows with packets translation information.
+ - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].
enum: - PacketDrop - DNSTracking - FlowRTT - NetworkEvents - PacketTranslation + - EbpfManager type: string type: array flowFilter: @@ -3820,6 +3823,8 @@ spec: It requires using the OVN-Kubernetes network plugin with the Observability feature. IMPORTANT: This feature is available as a Developer Preview.
- `PacketTranslation`: enable enriching flows with packet's translation information.
+ - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.
+ IMPORTANT: This feature is available as a Developer Preview.
items: description: |- Agent feature, can be one of:
@@ -3828,12 +3833,14 @@ spec: - `FlowRTT`, to track TCP latency.
- `NetworkEvents`, to track Network events [Developer Preview].
- `PacketTranslation`, to enrich flows with packets translation information.
+ - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].
enum: - PacketDrop - DNSTracking - FlowRTT - NetworkEvents - PacketTranslation + - EbpfManager type: string type: array flowFilter: diff --git a/bundle/manifests/netobserv-operator.clusterserviceversion.yaml b/bundle/manifests/netobserv-operator.clusterserviceversion.yaml index c6261ad2d..8fdb49ccd 100644 --- a/bundle/manifests/netobserv-operator.clusterserviceversion.yaml +++ b/bundle/manifests/netobserv-operator.clusterserviceversion.yaml @@ -1025,6 +1025,18 @@ spec: - patch - update - watch + - apiGroups: + - bpfman.io + resources: + - bpfapplications + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - config.openshift.io resources: diff --git a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml index 43e039b6c..45e839976 100644 --- a/config/crd/bases/flows.netobserv.io_flowcollectors.yaml +++ b/config/crd/bases/flows.netobserv.io_flowcollectors.yaml @@ -121,6 +121,7 @@ spec: - `NetworkEvents`: enable the Network events monitoring feature. This feature requires mounting the kernel debug filesystem, so the eBPF pod has to run as privileged. - `PacketTranslation`: enable enriching flows with packet's translation information.
+ - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.
items: description: |- Agent feature, can be one of:
@@ -129,12 +130,14 @@ spec: - `FlowRTT`, to track TCP latency [Unsupported (*)].
- `NetworkEvents`, to track Network events.
- `PacketTranslation`, to enrich flows with packets translation information.
+ - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].
enum: - PacketDrop - DNSTracking - FlowRTT - NetworkEvents - PacketTranslation + - EbpfManager type: string type: array flowFilter: @@ -3521,6 +3524,8 @@ spec: It requires using the OVN-Kubernetes network plugin with the Observability feature. IMPORTANT: This feature is available as a Developer Preview.
- `PacketTranslation`: enable enriching flows with packet's translation information.
+ - `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.
+ IMPORTANT: This feature is available as a Developer Preview.
items: description: |- Agent feature, can be one of:
@@ -3529,12 +3534,14 @@ spec: - `FlowRTT`, to track TCP latency.
- `NetworkEvents`, to track Network events [Developer Preview].
- `PacketTranslation`, to enrich flows with packets translation information.
+ - `EbpfManager`, to enable using EBPF Manager to manage netobserv ebpf programs [Developer Preview].
enum: - PacketDrop - DNSTracking - FlowRTT - NetworkEvents - PacketTranslation + - EbpfManager type: string type: array flowFilter: diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index b25b08a24..b83ba86e8 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -96,6 +96,18 @@ rules: - patch - update - watch +- apiGroups: + - bpfman.io + resources: + - bpfapplications + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - config.openshift.io resources: diff --git a/config/samples/flows_v1beta2_flowcollector.yaml b/config/samples/flows_v1beta2_flowcollector.yaml index c80d479c7..07358df69 100644 --- a/config/samples/flows_v1beta2_flowcollector.yaml +++ b/config/samples/flows_v1beta2_flowcollector.yaml @@ -24,6 +24,7 @@ spec: # - "FlowRTT" # - "NetworkEvents" # - "PacketTranslation" + # - "EbpfManager" interfaces: [] excludeInterfaces: ["lo"] kafkaBatchSize: 1048576 diff --git a/controllers/ebpf/agent_controller.go b/controllers/ebpf/agent_controller.go index 36c1a1853..5c52c9a78 100644 --- a/controllers/ebpf/agent_controller.go +++ b/controllers/ebpf/agent_controller.go @@ -83,6 +83,7 @@ const ( envFilterTCPFlags = "FILTER_TCP_FLAGS" envFilterPktDrops = "FILTER_DROPS" envEnablePacketTranslation = "ENABLE_PKT_TRANSLATION" + envEnableEbpfMgr = "EBPF_PROGRAM_MANAGER_MODE" envListSeparator = "," ) @@ -112,6 +113,10 @@ const ( DedupeJustMarkDefault = "false" DedupeMergeDefault = "true" defaultDNSTrackingPort = "53" + bpfmanMapsVolumeName = "bpfman-maps" + bpfManBpfFSPath = "/run/netobserv/maps" + mapsVolumeName = "bpf-maps" + bpfFsPath = "/sys/fs/bpf" ) // AgentController reconciles the status of the eBPF agent Daemonset, as well as the @@ -164,6 +169,12 @@ func (c *AgentController) Reconcile(ctx context.Context, target *flowslatest.Flo return nil } rlog.Info("namespace cleanup: deleting eBPF agent", "currentAgent", target.Spec.Agent) + if helper.IsAgentFeatureEnabled(&target.Spec.Agent.EBPF, flowslatest.EbpfManager) { + if err := c.bpfmanDetachNetobserv(ctx); err != nil { + rlog.Error(err, "failed to delete bpfapplication object") + // continue with eBPF agent deletion + } + } if err := c.Delete(ctx, current); err != nil { if errors.IsNotFound(err) { return nil @@ -192,15 +203,25 @@ func (c *AgentController) Reconcile(ctx context.Context, target *flowslatest.Flo case helper.ActionCreate: rlog.Info("action: create agent") c.Status.SetCreatingDaemonSet(desired) - return c.CreateOwned(ctx, desired) + err = c.CreateOwned(ctx, desired) case helper.ActionUpdate: rlog.Info("action: update agent") - return c.UpdateIfOwned(ctx, current, desired) + err = c.UpdateIfOwned(ctx, current, desired) default: rlog.Info("action: nothing to do") c.Status.CheckDaemonSetProgress(current) - return nil } + + if err != nil { + return err + } + + if helper.IsAgentFeatureEnabled(&target.Spec.Agent.EBPF, flowslatest.EbpfManager) { + if err := c.bpfmanAttachNetobserv(ctx, target); err != nil { + return fmt.Errorf("failed to attach netobserv: %w", err) + } + } + return nil } func (c *AgentController) current(ctx context.Context) (*v1.DaemonSet, error) { @@ -356,6 +377,32 @@ func (c *AgentController) desired(ctx context.Context, coll *flowslatest.FlowCol } } + if helper.IsAgentFeatureEnabled(&coll.Spec.Agent.EBPF, flowslatest.EbpfManager) { + if !coll.Spec.Agent.EBPF.Privileged { + rlog.Error(fmt.Errorf("invalid configuration"), "To enable BPF Manager feature privileged mode needs to be enabled") + } else { + volume := corev1.Volume{ + Name: bpfmanMapsVolumeName, + VolumeSource: corev1.VolumeSource{ + CSI: &corev1.CSIVolumeSource{ + Driver: "csi.bpfman.io", + VolumeAttributes: map[string]string{ + "csi.bpfman.io/program": "netobserv", + "csi.bpfman.io/maps": "aggregated_flows,direct_flows,dns_flows,filter_map,global_counters,packet_record", + }, + }, + }, + } + volumes = append(volumes, volume) + volumeMount := corev1.VolumeMount{ + Name: bpfmanMapsVolumeName, + MountPath: bpfManBpfFSPath, + MountPropagation: newMountPropagationMode(corev1.MountPropagationBidirectional), + } + volumeMounts = append(volumeMounts, volumeMount) + } + } + advancedConfig := helper.GetAdvancedAgentConfig(coll.Spec.Agent.EBPF.Advanced) return &v1.DaemonSet{ @@ -658,7 +705,12 @@ func (c *AgentController) setEnvConfig(coll *flowslatest.FlowCollector) []corev1 if helper.IsPacketTranslationEnabled(&coll.Spec.Agent.EBPF) { config = append(config, corev1.EnvVar{ - Name: envEnablePacketTranslation, + Name: envEnablePacketTranslation, + }) + } + if helper.IsEbpfManagerEnabled(&coll.Spec.Agent.EBPF) { + config = append(config, corev1.EnvVar{ + Name: envEnableEbpfMgr, Value: "true", }) } diff --git a/controllers/ebpf/bpfmanager-controller.go b/controllers/ebpf/bpfmanager-controller.go new file mode 100644 index 000000000..ff76645c4 --- /dev/null +++ b/controllers/ebpf/bpfmanager-controller.go @@ -0,0 +1,260 @@ +package ebpf + +import ( + "context" + "encoding/binary" + "fmt" + "github.com/netobserv/network-observability-operator/pkg/helper" + "github.com/sirupsen/logrus" + + flowslatest "github.com/netobserv/network-observability-operator/apis/flowcollector/v1beta2" + + bpfmaniov1alpha1 "github.com/bpfman/bpfman-operator/apis/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/klog" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +const ( + netobservApp = "netobserv" + netobservBCImage = "quay.io/netobserv/ebpf-bytecode:latest" +) + +// bpfmanDetachNetobserv find BpfmanApplication object with all required ebpf hooks and detaches them using bpfman manager +func (c *AgentController) bpfmanDetachNetobserv(ctx context.Context) error { + bpfApp := bpfmaniov1alpha1.BpfApplication{ + ObjectMeta: v1.ObjectMeta{ + Name: netobservApp, + }, + TypeMeta: v1.TypeMeta{ + Kind: "BpfApplication", + }, + } + + key := client.ObjectKey{Name: netobservApp} + + err := c.Get(ctx, key, &bpfApp) + if err != nil { + return fmt.Errorf("failed to get BpfApplication: %w", err) + } + + err = c.deleteBpfApplication(ctx, &bpfApp) + if err != nil { + return fmt.Errorf("failed to delete BpfApplication: %w", err) + } + return nil +} + +// bpfmanAttachNetobserv Creates BpfmanApplication object with all required ebpf hooks and attaches them using bpfman manager +func (c *AgentController) bpfmanAttachNetobserv(ctx context.Context, fc *flowslatest.FlowCollector) error { + var err error + bpfApp := bpfmaniov1alpha1.BpfApplication{ + ObjectMeta: v1.ObjectMeta{ + Name: netobservApp, + }, + TypeMeta: v1.TypeMeta{ + Kind: "BpfApplication", + }, + } + + key := client.ObjectKey{Name: netobservApp} + + err = c.Get(ctx, key, &bpfApp) + if err != nil { + if errors.IsNotFound(err) { + prepareBpfApplication(&bpfApp, fc) + err = c.createBpfApplication(ctx, &bpfApp) + if err != nil { + return fmt.Errorf("failed to create BpfApplication: %w for obj: %s", err, fc.Name) + } + } else { + return fmt.Errorf("failed to get BpfApplication: %w for obj: %s", err, fc.Name) + } + } else { + // object exists repopulate it with the new configuration and update it + prepareBpfApplication(&bpfApp, fc) + err = c.updateBpfApplication(ctx, &bpfApp) + if err != nil { + return fmt.Errorf("failed to update BpfApplication: %w for obj: %s", err, fc.Name) + } + } + + return err +} + +func prepareBpfApplication(bpfApp *bpfmaniov1alpha1.BpfApplication, fc *flowslatest.FlowCollector) { + interfaces := fc.Spec.Agent.EBPF.Interfaces + + samplingValue := make([]byte, 4) + dnsPortValue := make([]byte, 2) + var enableDNSValue, enableRTTValue, enableFLowFilterValue, enableNetworkEvents, traceValue, networkEventsGroupIDValue, enablePktTranslation []byte + + binary.NativeEndian.PutUint32(samplingValue, uint32(*fc.Spec.Agent.EBPF.Sampling)) + + if fc.Spec.Agent.EBPF.LogLevel == logrus.TraceLevel.String() || fc.Spec.Agent.EBPF.LogLevel == logrus.DebugLevel.String() { + traceValue = append(traceValue, uint8(1)) + } + + if helper.IsDNSTrackingEnabled(&fc.Spec.Agent.EBPF) { + enableDNSValue = append(enableDNSValue, uint8(1)) + } + + if helper.IsFlowRTTEnabled(&fc.Spec.Agent.EBPF) { + enableRTTValue = append(enableRTTValue, uint8(1)) + } + + if helper.IsEBFPFlowFilterEnabled(&fc.Spec.Agent.EBPF) { + enableFLowFilterValue = append(enableFLowFilterValue, uint8(1)) + } + + if helper.IsNetworkEventsEnabled(&fc.Spec.Agent.EBPF) { + enableNetworkEvents = append(enableNetworkEvents, uint8(1)) + } + + if helper.IsPacketTranslationEnabled(&fc.Spec.Agent.EBPF) { + enablePktTranslation = append(enablePktTranslation, uint8(1)) + } + + bpfApp.Labels = map[string]string{ + "app": netobservApp, + } + + if fc.Spec.Agent.EBPF.Advanced != nil { + advancedConfig := helper.GetAdvancedAgentConfig(fc.Spec.Agent.EBPF.Advanced) + for _, pair := range helper.KeySorted(advancedConfig.Env) { + k, v := pair[0], pair[1] + if k == envDNSTrackingPort { + dnsPortValue = []byte(v) + } else if k == envNetworkEventsGroupID { + networkEventsGroupIDValue = []byte(v) + } + } + + if advancedConfig.Scheduling != nil { + bpfApp.Spec.NodeSelector = v1.LabelSelector{MatchLabels: fc.Spec.Agent.EBPF.Advanced.Scheduling.NodeSelector} + } + } + + bpfApp.Spec.BpfAppCommon.GlobalData = map[string][]byte{ + "sampling": samplingValue, + "trace_messages": traceValue, + "enable_rtt": enableRTTValue, + "enable_dns_tracking": enableDNSValue, + "dns_port": dnsPortValue, + "enable_flows_filtering": enableFLowFilterValue, + "enable_network_events_monitoring": enableNetworkEvents, + "network_events_monitoring_groupid": networkEventsGroupIDValue, + "enable_pkt_translation_tracking": enablePktTranslation, + } + + bpfApp.Spec.BpfAppCommon.ByteCode = bpfmaniov1alpha1.BytecodeSelector{ + Image: &bpfmaniov1alpha1.BytecodeImage{ + Url: netobservBCImage, + ImagePullPolicy: bpfmaniov1alpha1.PullIfNotPresent, + }, + } + bpfApp.Spec.Programs = []bpfmaniov1alpha1.BpfApplicationProgram{ + { + Type: bpfmaniov1alpha1.ProgTypeTCX, + TCX: &bpfmaniov1alpha1.TcxProgramInfo{ + BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ + BpfFunctionName: "tcx_ingress_flow_parse", + }, + InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{Interfaces: &interfaces}, + Direction: "ingress", + }, + }, + { + Type: bpfmaniov1alpha1.ProgTypeTCX, + TCX: &bpfmaniov1alpha1.TcxProgramInfo{ + BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ + BpfFunctionName: "tcx_egress_flow_parse", + }, + InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{Interfaces: &interfaces}, + Direction: "egress", + }, + }, + } + + if helper.IsFlowRTTEnabled(&fc.Spec.Agent.EBPF) { + bpfApp.Spec.Programs = append(bpfApp.Spec.Programs, []bpfmaniov1alpha1.BpfApplicationProgram{ + { + Type: bpfmaniov1alpha1.ProgTypeFentry, + Fentry: &bpfmaniov1alpha1.FentryProgramInfo{ + BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ + BpfFunctionName: "tcp_rcv_fentry", + }, + FunctionName: "tcp_rcv_established", + }, + }, + { + Type: bpfmaniov1alpha1.ProgTypeKprobe, + Kprobe: &bpfmaniov1alpha1.KprobeProgramInfo{ + BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ + BpfFunctionName: "tcp_rcv_kprobe", + }, + FunctionName: "tcp_rcv_established", + RetProbe: false, + }, + }, + }...) + } + + if helper.IsNetworkEventsEnabled(&fc.Spec.Agent.EBPF) { + bpfApp.Spec.Programs = append(bpfApp.Spec.Programs, []bpfmaniov1alpha1.BpfApplicationProgram{ + { + Type: bpfmaniov1alpha1.ProgTypeKprobe, + Kprobe: &bpfmaniov1alpha1.KprobeProgramInfo{ + BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ + BpfFunctionName: "rh_network_events_monitoring", + }, + FunctionName: "rh_psample_sample_packet", + RetProbe: false, + }, + }, + }...) + } + + if helper.IsPktDropEnabled(&fc.Spec.Agent.EBPF) { + bpfApp.Spec.Programs = append(bpfApp.Spec.Programs, []bpfmaniov1alpha1.BpfApplicationProgram{ + { + Type: bpfmaniov1alpha1.ProgTypeTracepoint, + Tracepoint: &bpfmaniov1alpha1.TracepointProgramInfo{ + BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ + BpfFunctionName: "kfree_skb", + }, + Names: []string{"skb/kfree_skb"}, + }, + }, + }...) + } + + if helper.IsPacketTranslationEnabled(&fc.Spec.Agent.EBPF) { + bpfApp.Spec.Programs = append(bpfApp.Spec.Programs, []bpfmaniov1alpha1.BpfApplicationProgram{ + { + Type: bpfmaniov1alpha1.ProgTypeKprobe, + Kprobe: &bpfmaniov1alpha1.KprobeProgramInfo{ + BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ + BpfFunctionName: "track_nat_manip_pkt", + }, + FunctionName: "nf_nat_manip_pkt", + RetProbe: false, + }, + }, + }...) + } +} + +func (c *AgentController) deleteBpfApplication(ctx context.Context, bpfApp *bpfmaniov1alpha1.BpfApplication) error { + klog.Info("Deleting BpfApplication Object") + return c.Delete(ctx, bpfApp) +} + +func (c *AgentController) createBpfApplication(ctx context.Context, bpfApp *bpfmaniov1alpha1.BpfApplication) error { + return c.CreateOwned(ctx, bpfApp) +} + +func (c *AgentController) updateBpfApplication(ctx context.Context, bpfApp *bpfmaniov1alpha1.BpfApplication) error { + return c.UpdateOwned(ctx, bpfApp, bpfApp) +} diff --git a/docs/FlowCollector.md b/docs/FlowCollector.md index f58b460af..ab9d68e6a 100644 --- a/docs/FlowCollector.md +++ b/docs/FlowCollector.md @@ -292,7 +292,8 @@ If the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.< - `FlowRTT`: enable flow latency (sRTT) extraction in the eBPF agent from TCP traffic.
- `NetworkEvents`: enable the Network events monitoring feature. This feature requires mounting the kernel debug filesystem, so the eBPF pod has to run as privileged. -- `PacketTranslation`: enable enriching flows with packet's translation information.

+- `PacketTranslation`: enable enriching flows with packet's translation information.
+- `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.

false @@ -6112,7 +6113,9 @@ If the `spec.agent.ebpf.privileged` parameter is not set, an error is reported.< This feature requires mounting the kernel debug filesystem, so the eBPF agent pods have to run as privileged. It requires using the OVN-Kubernetes network plugin with the Observability feature. IMPORTANT: This feature is available as a Developer Preview.
-- `PacketTranslation`: enable enriching flows with packet's translation information.

+- `PacketTranslation`: enable enriching flows with packet's translation information.
+- `EbpfManager`: allow using eBPF manager to manage netobserv ebpf programs.
+IMPORTANT: This feature is available as a Developer Preview.

false diff --git a/go.mod b/go.mod index 9cd871b6d..1ff9ac009 100644 --- a/go.mod +++ b/go.mod @@ -5,6 +5,7 @@ go 1.22.3 toolchain go1.22.4 require ( + github.com/bpfman/bpfman-operator v0.5.5-0.20241023163832-0bf84bbd3927 github.com/coreos/go-semver v0.3.1 github.com/go-logr/logr v1.4.2 github.com/google/go-cmp v0.6.0 @@ -14,6 +15,7 @@ require ( github.com/openshift/api v0.0.0-20240722135205-ae4f370f361f github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.76.1 github.com/prometheus/common v0.55.0 + github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.9.0 go.uber.org/zap v1.27.0 gopkg.in/yaml.v2 v2.4.0 @@ -21,6 +23,7 @@ require ( k8s.io/apiextensions-apiserver v0.31.2 k8s.io/apimachinery v0.31.3 k8s.io/client-go v0.31.3 + k8s.io/klog v1.0.0 k8s.io/kube-aggregator v0.31.2 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 sigs.k8s.io/controller-runtime v0.19.3 @@ -62,7 +65,6 @@ require ( github.com/prometheus/client_golang v1.20.3 // indirect github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/procfs v0.15.1 // indirect - github.com/sirupsen/logrus v1.9.3 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/stretchr/objx v0.5.2 // indirect github.com/x448/float16 v0.8.4 // indirect @@ -73,7 +75,7 @@ require ( golang.org/x/sys v0.26.0 // indirect golang.org/x/term v0.25.0 // indirect golang.org/x/text v0.19.0 // indirect - golang.org/x/time v0.5.0 // indirect + golang.org/x/time v0.6.0 // indirect golang.org/x/tools v0.26.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/protobuf v1.35.1 // indirect diff --git a/go.sum b/go.sum index b4455c1e2..c97b326d3 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,7 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/bpfman/bpfman-operator v0.5.5-0.20241023163832-0bf84bbd3927 h1:2odrvZ4MI/tfUkJYAz/d35EiDISbEHsv3360CaF7Rco= +github.com/bpfman/bpfman-operator v0.5.5-0.20241023163832-0bf84bbd3927/go.mod h1:BREOhrpjbTdN3f/3bRx9/YSJsVwz79eUGafR2njaN4Q= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= @@ -18,6 +20,7 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= @@ -175,8 +178,8 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= -golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= +golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= @@ -214,6 +217,8 @@ k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4= k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= k8s.io/client-go v0.31.3 h1:CAlZuM+PH2cm+86LOBemaJI/lQ5linJ6UFxKX/SoG+4= k8s.io/client-go v0.31.3/go.mod h1:2CgjPUTpv3fE5dNygAr2NcM8nhHzXvxB8KL5gYc3kJs= +k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= +k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-aggregator v0.31.2 h1:Uw1zUP2D/4wiSjKWVVzSOcCGLuW/+IdRwjjC0FJooYU= diff --git a/main.go b/main.go index 0fadd5c7f..552316e8b 100644 --- a/main.go +++ b/main.go @@ -25,8 +25,7 @@ import ( _ "net/http/pprof" "os" - // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) - // to ensure that exec-entrypoint and run can make use of them. + bpfmaniov1alpha1 "github.com/bpfman/bpfman-operator/apis/v1alpha1" osv1 "github.com/openshift/api/console/v1" operatorsv1 "github.com/openshift/api/operator/v1" securityv1 "github.com/openshift/api/security/v1" @@ -82,6 +81,7 @@ func init() { utilruntime.Must(operatorsv1.AddToScheme(scheme)) utilruntime.Must(monitoringv1.AddToScheme(scheme)) utilruntime.Must(apiextensionsv1.AddToScheme(scheme)) + utilruntime.Must(bpfmaniov1alpha1.Install(scheme)) //+kubebuilder:scaffold:scheme } diff --git a/pkg/helper/flowcollector.go b/pkg/helper/flowcollector.go index 086187e7d..63f1854e0 100644 --- a/pkg/helper/flowcollector.go +++ b/pkg/helper/flowcollector.go @@ -130,6 +130,9 @@ func IsNetworkEventsEnabled(spec *flowslatest.FlowCollectorEBPF) bool { func IsPacketTranslationEnabled(spec *flowslatest.FlowCollectorEBPF) bool { return IsAgentFeatureEnabled(spec, flowslatest.PacketTranslation) } +func IsEbpfManagerEnabled(spec *flowslatest.FlowCollectorEBPF) bool { + return IsAgentFeatureEnabled(spec, flowslatest.EbpfManager) +} func IsConntrack(spec *flowslatest.FlowCollectorFLP) bool { return spec != nil && spec.LogTypes != nil && *spec.LogTypes != flowslatest.LogTypeFlows diff --git a/pkg/manager/manager.go b/pkg/manager/manager.go index 33f615ded..be603bcf9 100644 --- a/pkg/manager/manager.go +++ b/pkg/manager/manager.go @@ -34,6 +34,7 @@ import ( //+kubebuilder:rbac:groups=loki.grafana.com,resources=network,resourceNames=logs,verbs=get;create //+kubebuilder:rbac:groups=metrics.k8s.io,resources=pods,verbs=create //+kubebuilder:rbac:groups=networking.k8s.io,resources=networkpolicies,verbs=get;list;watch;create;update;patch;delete +//+kubebuilder:rbac:groups=bpfman.io,resources=bpfapplications,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:urls="/metrics",verbs=get //+kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get;list;watch //+kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions/status,verbs=update;patch diff --git a/vendor/github.com/bpfman/bpfman-operator/LICENSE b/vendor/github.com/bpfman/bpfman-operator/LICENSE new file mode 100644 index 000000000..261eeb9e9 --- /dev/null +++ b/vendor/github.com/bpfman/bpfman-operator/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/bpfapplication_types.go b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/bpfapplication_types.go new file mode 100644 index 000000000..47360ca0c --- /dev/null +++ b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/bpfapplication_types.go @@ -0,0 +1,168 @@ +/* +Copyright 2023 The bpfman Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// EBPFProgType defines the supported eBPF program types +type EBPFProgType string + +const ( + // ProgTypeXDP refers to the XDP program type. + ProgTypeXDP EBPFProgType = "XDP" + + // ProgTypeTC refers to the TC program type. + ProgTypeTC EBPFProgType = "TC" + + // ProgTypeTCX refers to the TCx program type. + ProgTypeTCX EBPFProgType = "TCX" + + // ProgTypeFentry refers to the Fentry program type. + ProgTypeFentry EBPFProgType = "Fentry" + + // ProgTypeFexit refers to the Fexit program type. + ProgTypeFexit EBPFProgType = "Fexit" + + // ProgTypeKprobe refers to the Kprobe program type. + ProgTypeKprobe EBPFProgType = "Kprobe" + + // ProgTypeKretprobe refers to the Kprobe program type. + ProgTypeKretprobe EBPFProgType = "Kretprobe" + + // ProgTypeUprobe refers to the Uprobe program type. + ProgTypeUprobe EBPFProgType = "Uprobe" + + // ProgTypeUretprobe refers to the Uretprobe program type. + ProgTypeUretprobe EBPFProgType = "Uretprobe" + + // ProgTypeTracepoint refers to the Tracepoint program type. + ProgTypeTracepoint EBPFProgType = "Tracepoint" +) + +// BpfApplicationProgram defines the desired state of BpfApplication +// +union +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'XDP' ? has(self.xdp) : !has(self.xdp)",message="xdp configuration is required when type is XDP, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TC' ? has(self.tc) : !has(self.tc)",message="tc configuration is required when type is TC, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'TCX' ? has(self.tcx) : !has(self.tcx)",message="tcx configuration is required when type is TCX, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Fentry' ? has(self.fentry) : !has(self.fentry)",message="fentry configuration is required when type is Fentry, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Fexit' ? has(self.fexit) : !has(self.fexit)",message="fexit configuration is required when type is Fexit, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Kprobe' ? has(self.kprobe) : !has(self.kprobe)",message="kprobe configuration is required when type is Kprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Kretprobe' ? has(self.kretprobe) : !has(self.kretprobe)",message="kretprobe configuration is required when type is Kretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uprobe' ? has(self.uprobe) : !has(self.uprobe)",message="uprobe configuration is required when type is Uprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uretprobe' ? has(self.uretprobe) : !has(self.uretprobe)",message="uretprobe configuration is required when type is Uretprobe, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Tracepoint' ? has(self.tracepoint) : !has(self.tracepoint)",message="tracepoint configuration is required when type is Tracepoint, and forbidden otherwise" +type BpfApplicationProgram struct { + // Type specifies the bpf program type + // +unionDiscriminator + // +kubebuilder:validation:Required + // +kubebuilder:validation:Enum:="XDP";"TC";"TCX";"Fentry";"Fexit";"Kprobe";"Kretprobe";"Uprobe";"Uretprobe";"Tracepoint" + Type EBPFProgType `json:"type,omitempty"` + + // xdp defines the desired state of the application's XdpPrograms. + // +unionMember + // +optional + XDP *XdpProgramInfo `json:"xdp,omitempty"` + + // tc defines the desired state of the application's TcPrograms. + // +unionMember + // +optional + TC *TcProgramInfo `json:"tc,omitempty"` + + // tcx defines the desired state of the application's TcxPrograms. + // +unionMember + // +optional + TCX *TcxProgramInfo `json:"tcx,omitempty"` + + // fentry defines the desired state of the application's FentryPrograms. + // +unionMember + // +optional + Fentry *FentryProgramInfo `json:"fentry,omitempty"` + + // fexit defines the desired state of the application's FexitPrograms. + // +unionMember + // +optional + Fexit *FexitProgramInfo `json:"fexit,omitempty"` + + // kprobe defines the desired state of the application's KprobePrograms. + // +unionMember + // +optional + Kprobe *KprobeProgramInfo `json:"kprobe,omitempty"` + + // kretprobe defines the desired state of the application's KretprobePrograms. + // +unionMember + // +optional + Kretprobe *KprobeProgramInfo `json:"kretprobe,omitempty"` + + // uprobe defines the desired state of the application's UprobePrograms. + // +unionMember + // +optional + Uprobe *UprobeProgramInfo `json:"uprobe,omitempty"` + + // uretprobe defines the desired state of the application's UretprobePrograms. + // +unionMember + // +optional + Uretprobe *UprobeProgramInfo `json:"uretprobe,omitempty"` + + // tracepoint defines the desired state of the application's TracepointPrograms. + // +unionMember + // +optional + Tracepoint *TracepointProgramInfo `json:"tracepoint,omitempty"` +} + +// BpfApplicationSpec defines the desired state of BpfApplication +type BpfApplicationSpec struct { + BpfAppCommon `json:",inline"` + + // Programs is a list of bpf programs supported for a specific application. + // It's possible that the application can selectively choose which program(s) + // to run from this list. + // +kubebuilder:validation:MinItems:=1 + Programs []BpfApplicationProgram `json:"programs,omitempty"` +} + +// BpfApplicationStatus defines the observed state of BpfApplication +type BpfApplicationStatus struct { + BpfProgramStatusCommon `json:",inline"` +} + +// +genclient +// +genclient:nonNamespaced +//+kubebuilder:object:root=true +//+kubebuilder:subresource:status +//+kubebuilder:resource:scope=Cluster + +// BpfApplication is the Schema for the bpfapplications API +// +kubebuilder:printcolumn:name="NodeSelector",type=string,JSONPath=`.spec.nodeselector` +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason` +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" +type BpfApplication struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec BpfApplicationSpec `json:"spec,omitempty"` + Status BpfApplicationStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true +// BpfApplicationList contains a list of BpfApplications +type BpfApplicationList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []BpfApplication `json:"items"` +} diff --git a/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/bpfprogram_types.go b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/bpfprogram_types.go new file mode 100644 index 000000000..9fa52c644 --- /dev/null +++ b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/bpfprogram_types.go @@ -0,0 +1,71 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +//+kubebuilder:object:root=true +//+kubebuilder:subresource:status +//+kubebuilder:resource:scope=Cluster + +// BpfProgram is the Schema for the Bpfprograms API +// +kubebuilder:printcolumn:name="Type",type=string,JSONPath=`.spec.type` +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason` +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" +type BpfProgram struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec BpfProgramSpec `json:"spec"` + // +optional + Status BpfProgramStatus `json:"status,omitempty"` +} + +// BpfProgramSpec defines the desired state of BpfProgram +type BpfProgramSpec struct { + // Type specifies the bpf program type + // +optional + Type string `json:"type,omitempty"` +} + +// BpfProgramStatus defines the observed state of BpfProgram +// TODO Make these a fixed set of metav1.Condition.types and metav1.Condition.reasons +type BpfProgramStatus struct { + // Conditions houses the updates regarding the actual implementation of + // the bpf program on the node + // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +} + +//+kubebuilder:object:root=true + +// BpfProgramList contains a list of BpfProgram +type BpfProgramList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []BpfProgram `json:"items"` +} diff --git a/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/doc.go b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/doc.go new file mode 100644 index 000000000..18313d2cf --- /dev/null +++ b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/doc.go @@ -0,0 +1,21 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1alpha1 contains API Schema definitions for the +// bpfman.io API group. +// +kubebuilder:object:generate=true +// +groupName=bpfman.io +package v1alpha1 diff --git a/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/fentryProgram_types.go b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/fentryProgram_types.go new file mode 100644 index 000000000..4b82fdb43 --- /dev/null +++ b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/fentryProgram_types.go @@ -0,0 +1,70 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +//+kubebuilder:object:root=true +//+kubebuilder:subresource:status +//+kubebuilder:resource:scope=Cluster + +// FentryProgram is the Schema for the FentryPrograms API +// +kubebuilder:printcolumn:name="BpfFunctionName",type=string,JSONPath=`.spec.bpffunctionname` +// +kubebuilder:printcolumn:name="NodeSelector",type=string,JSONPath=`.spec.nodeselector` +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason` +// +kubebuilder:printcolumn:name="FunctionName",type=string,JSONPath=`.spec.func_name`,priority=1 +type FentryProgram struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec FentryProgramSpec `json:"spec"` + // +optional + Status FentryProgramStatus `json:"status,omitempty"` +} + +// FentryProgramSpec defines the desired state of FentryProgram +// +kubebuilder:printcolumn:name="FunctionName",type=string,JSONPath=`.spec.func_name` +type FentryProgramSpec struct { + FentryProgramInfo `json:",inline"` + BpfAppCommon `json:",inline"` +} + +// FentryProgramInfo defines the Fentry program details +type FentryProgramInfo struct { + BpfProgramCommon `json:",inline"` + // Function to attach the fentry to. + FunctionName string `json:"func_name"` +} + +// FentryProgramStatus defines the observed state of FentryProgram +type FentryProgramStatus struct { + BpfProgramStatusCommon `json:",inline"` +} + +// +kubebuilder:object:root=true +// FentryProgramList contains a list of FentryPrograms +type FentryProgramList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []FentryProgram `json:"items"` +} diff --git a/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/fexitProgram_types.go b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/fexitProgram_types.go new file mode 100644 index 000000000..97467996e --- /dev/null +++ b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/fexitProgram_types.go @@ -0,0 +1,70 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +//+kubebuilder:object:root=true +//+kubebuilder:subresource:status +//+kubebuilder:resource:scope=Cluster + +// FexitProgram is the Schema for the FexitPrograms API +// +kubebuilder:printcolumn:name="BpfFunctionName",type=string,JSONPath=`.spec.bpffunctionname` +// +kubebuilder:printcolumn:name="NodeSelector",type=string,JSONPath=`.spec.nodeselector` +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason` +// +kubebuilder:printcolumn:name="FunctionName",type=string,JSONPath=`.spec.func_name`,priority=1 +type FexitProgram struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec FexitProgramSpec `json:"spec"` + // +optional + Status FexitProgramStatus `json:"status,omitempty"` +} + +// FexitProgramSpec defines the desired state of FexitProgram +// +kubebuilder:printcolumn:name="FunctionName",type=string,JSONPath=`.spec.func_name` +type FexitProgramSpec struct { + FexitProgramInfo `json:",inline"` + BpfAppCommon `json:",inline"` +} + +// FexitProgramInfo defines the Fexit program details +type FexitProgramInfo struct { + BpfProgramCommon `json:",inline"` + // Function to attach the fexit to. + FunctionName string `json:"func_name"` +} + +// FexitProgramStatus defines the observed state of FexitProgram +type FexitProgramStatus struct { + BpfProgramStatusCommon `json:",inline"` +} + +// +kubebuilder:object:root=true +// FexitProgramList contains a list of FexitPrograms +type FexitProgramList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []FexitProgram `json:"items"` +} diff --git a/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/kprobeProgram_types.go b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/kprobeProgram_types.go new file mode 100644 index 000000000..b427e9c44 --- /dev/null +++ b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/kprobeProgram_types.go @@ -0,0 +1,91 @@ +/* +Copyright 2023. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +//+kubebuilder:object:root=true +//+kubebuilder:subresource:status +//+kubebuilder:resource:scope=Cluster + +// KprobeProgram is the Schema for the KprobePrograms API +// +kubebuilder:printcolumn:name="BpfFunctionName",type=string,JSONPath=`.spec.bpffunctionname` +// +kubebuilder:printcolumn:name="NodeSelector",type=string,JSONPath=`.spec.nodeselector` +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason` +// +kubebuilder:printcolumn:name="FunctionName",type=string,JSONPath=`.spec.func_name`,priority=1 +// +kubebuilder:printcolumn:name="Offset",type=integer,JSONPath=`.spec.offset`,priority=1 +// +kubebuilder:printcolumn:name="RetProbe",type=boolean,JSONPath=`.spec.retprobe`,priority=1 +type KprobeProgram struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec KprobeProgramSpec `json:"spec"` + // +optional + Status KprobeProgramStatus `json:"status,omitempty"` +} + +// KprobeProgramSpec defines the desired state of KprobeProgram +// +kubebuilder:printcolumn:name="FunctionName",type=string,JSONPath=`.spec.func_name` +// +kubebuilder:printcolumn:name="Offset",type=integer,JSONPath=`.spec.offset` +// +kubebuilder:printcolumn:name="RetProbe",type=boolean,JSONPath=`.spec.retprobe` +// +kubebuilder:validation:XValidation:message="offset cannot be set for kretprobes",rule="self.retprobe == false || self.offset == 0" +type KprobeProgramSpec struct { + KprobeProgramInfo `json:",inline"` + BpfAppCommon `json:",inline"` +} + +// KprobeProgramInfo defines the common fields for KprobeProgram +type KprobeProgramInfo struct { + BpfProgramCommon `json:",inline"` + + // Functions to attach the kprobe to. + FunctionName string `json:"func_name"` + + // Offset added to the address of the function for kprobe. + // Not allowed for kretprobes. + // +optional + // +kubebuilder:default:=0 + Offset uint64 `json:"offset"` + + // Whether the program is a kretprobe. Default is false + // +optional + // +kubebuilder:default:=false + RetProbe bool `json:"retprobe"` + + // // Host PID of container to attach the uprobe in. (Not supported yet by bpfman.) + // // +optional + // ContainerPid string `json:"containerpid"` +} + +// KprobeProgramStatus defines the observed state of KprobeProgram +type KprobeProgramStatus struct { + BpfProgramStatusCommon `json:",inline"` +} + +// +kubebuilder:object:root=true +// KprobeProgramList contains a list of KprobePrograms +type KprobeProgramList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []KprobeProgram `json:"items"` +} diff --git a/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/shared_types.go b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/shared_types.go new file mode 100644 index 000000000..c31bd8eb4 --- /dev/null +++ b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/shared_types.go @@ -0,0 +1,368 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// +kubebuilder:validation:Required +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// InterfaceSelector defines interface to attach to. +// +kubebuilder:validation:MaxProperties=1 +// +kubebuilder:validation:MinProperties=1 +type InterfaceSelector struct { + // Interfaces refers to a list of network interfaces to attach the BPF + // program to. + // +optional + Interfaces *[]string `json:"interfaces,omitempty"` + + // Attach BPF program to the primary interface on the node. Only 'true' accepted. + // +optional + PrimaryNodeInterface *bool `json:"primarynodeinterface,omitempty"` +} + +// ContainerSelector identifies a set of containers. For example, this can be +// used to identify a set of containers in which to attach uprobes. +type ContainerSelector struct { + // Target namespaces. + // +optional + // +kubebuilder:default:="" + Namespace string `json:"namespace"` + + // Target pods. This field must be specified, to select all pods use + // standard metav1.LabelSelector semantics and make it empty. + Pods metav1.LabelSelector `json:"pods"` + + // Name(s) of container(s). If none are specified, all containers in the + // pod are selected. + // +optional + ContainerNames *[]string `json:"containernames,omitempty"` +} + +// BpfProgramCommon defines the common attributes for all BPF programs +type BpfProgramCommon struct { + // BpfFunctionName is the name of the function that is the entry point for the BPF + // program + BpfFunctionName string `json:"bpffunctionname"` + + // MapOwnerSelector is used to select the loaded eBPF program this eBPF program + // will share a map with. The value is a label applied to the BpfProgram to select. + // The selector must resolve to exactly one instance of a BpfProgram on a given node + // or the eBPF program will not load. + // +optional + MapOwnerSelector metav1.LabelSelector `json:"mapownerselector"` +} + +// BpfAppCommon defines the common attributes for all BpfApp programs +type BpfAppCommon struct { + // NodeSelector allows the user to specify which nodes to deploy the + // bpf program to. This field must be specified, to select all nodes + // use standard metav1.LabelSelector semantics and make it empty. + NodeSelector metav1.LabelSelector `json:"nodeselector"` + + // GlobalData allows the user to set global variables when the program is loaded + // with an array of raw bytes. This is a very low level primitive. The caller + // is responsible for formatting the byte string appropriately considering + // such things as size, endianness, alignment and packing of data structures. + // +optional + GlobalData map[string][]byte `json:"globaldata,omitempty"` + + // Bytecode configures where the bpf program's bytecode should be loaded + // from. + ByteCode BytecodeSelector `json:"bytecode"` +} + +// BpfProgramStatusCommon defines the BpfProgram status +type BpfProgramStatusCommon struct { + // Conditions houses the global cluster state for the eBPFProgram. The explicit + // condition types are defined internally. + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +} + +// PullPolicy describes a policy for if/when to pull a container image +// +kubebuilder:validation:Enum=Always;Never;IfNotPresent +type PullPolicy string + +const ( + // PullAlways means that bpfman always attempts to pull the latest bytecode image. Container will fail If the pull fails. + PullAlways PullPolicy = "Always" + // PullNever means that bpfman never pulls an image, but only uses a local image. Container will fail if the image isn't present + PullNever PullPolicy = "Never" + // PullIfNotPresent means that bpfman pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. + PullIfNotPresent PullPolicy = "IfNotPresent" +) + +// BytecodeSelector defines the various ways to reference bpf bytecode objects. +type BytecodeSelector struct { + // Image used to specify a bytecode container image. + Image *BytecodeImage `json:"image,omitempty"` + + // Path is used to specify a bytecode object via filepath. + Path *string `json:"path,omitempty"` +} + +// BytecodeImage defines how to specify a bytecode container image. +type BytecodeImage struct { + // Valid container image URL used to reference a remote bytecode image. + Url string `json:"url"` + + // PullPolicy describes a policy for if/when to pull a bytecode image. Defaults to IfNotPresent. + // +kubebuilder:default:=IfNotPresent + // +optional + ImagePullPolicy PullPolicy `json:"imagepullpolicy"` + + // ImagePullSecret is the name of the secret bpfman should use to get remote image + // repository secrets. + // +optional + ImagePullSecret *ImagePullSecretSelector `json:"imagepullsecret,omitempty"` +} + +// ImagePullSecretSelector defines the name and namespace of an image pull secret. +type ImagePullSecretSelector struct { + // Name of the secret which contains the credentials to access the image repository. + Name string `json:"name"` + + // Namespace of the secret which contains the credentials to access the image repository. + Namespace string `json:"namespace"` +} + +// ----------------------------------------------------------------------------- +// Status Conditions - BPF Programs +// ----------------------------------------------------------------------------- + +// ProgramConditionType is a condition type to indicate the status of a BPF +// program at the cluster level. +type ProgramConditionType string + +const ( + // ProgramNotYetLoaded indicates that the program in question has not + // yet been loaded on all nodes in the cluster. + ProgramNotYetLoaded ProgramConditionType = "NotYetLoaded" + + // ProgramReconcileError indicates that an unforeseen situation has + // occurred in the controller logic, and the controller will retry. + ProgramReconcileError ProgramConditionType = "ReconcileError" + + // BpfmanProgConfigReconcileSuccess indicates that the BPF program has been + // successfully reconciled. + // + // TODO: we should consider removing "reconciled" type logic from the + // public API as it's an implementation detail of our use of controller + // runtime, but not necessarily relevant to human users or integrations. + // + // See: https://github.com/bpfman/bpfman/issues/430 + ProgramReconcileSuccess ProgramConditionType = "ReconcileSuccess" + + // ProgramDeleteError indicates that the BPF program was marked for + // deletion, but deletion was unsuccessful. + ProgramDeleteError ProgramConditionType = "DeleteError" +) + +// Condition is a helper method to promote any given ProgramConditionType to +// a full metav1.Condition in an opinionated fashion. +// +// TODO: this was created in the early days to provide at least SOME status +// information to the user, but the hardcoded messages need to be replaced +// in the future with dynamic and situation-aware messages later. +// +// See: https://github.com/bpfman/bpfman/issues/430 +func (b ProgramConditionType) Condition(message string) metav1.Condition { + cond := metav1.Condition{} + + switch b { + case ProgramNotYetLoaded: + if len(message) == 0 { + message = "Waiting for Program Object to be reconciled to all nodes" + } + + cond = metav1.Condition{ + Type: string(ProgramNotYetLoaded), + Status: metav1.ConditionTrue, + Reason: "ProgramsNotYetLoaded", + Message: message, + } + case ProgramReconcileError: + if len(message) == 0 { + message = "bpfProgramReconciliation failed" + } + + cond = metav1.Condition{ + Type: string(ProgramReconcileError), + Status: metav1.ConditionTrue, + Reason: "ReconcileError", + Message: message, + } + case ProgramReconcileSuccess: + if len(message) == 0 { + message = "bpfProgramReconciliation Succeeded on all nodes" + } + + cond = metav1.Condition{ + Type: string(ProgramReconcileSuccess), + Status: metav1.ConditionTrue, + Reason: "ReconcileSuccess", + Message: message, + } + case ProgramDeleteError: + if len(message) == 0 { + message = "Program Deletion failed" + } + + cond = metav1.Condition{ + Type: string(ProgramDeleteError), + Status: metav1.ConditionTrue, + Reason: "DeleteError", + Message: message, + } + } + + return cond +} + +// BpfProgramConditionType is a condition type to indicate the status of a BPF +// program at the individual node level. +type BpfProgramConditionType string + +const ( + // BpfProgCondLoaded indicates that the eBPF program was successfully loaded + // into the kernel on a specific node. + BpfProgCondLoaded BpfProgramConditionType = "Loaded" + + // BpfProgCondNotLoaded indicates that the eBPF program has not yet been + // loaded into the kernel on a specific node. + BpfProgCondNotLoaded BpfProgramConditionType = "NotLoaded" + + // BpfProgCondUnloaded indicates that in the midst of trying to remove the + // eBPF program from the kernel on the node, that program has not yet been + // removed. + BpfProgCondNotUnloaded BpfProgramConditionType = "NotUnLoaded" + + // BpfProgCondNotSelected indicates that the eBPF program is not scheduled to be loaded + // on a specific node. + BpfProgCondNotSelected BpfProgramConditionType = "NotSelected" + + // BpfProgCondUnloaded indicates that the eBPF program has been unloaded from + // the kernel on a specific node. + BpfProgCondUnloaded BpfProgramConditionType = "Unloaded" + + // BpfProgCondMapOwnerNotFound indicates that the eBPF program sharing a map with another + // eBPF program and that program does not exist. + BpfProgCondMapOwnerNotFound BpfProgramConditionType = "MapOwnerNotFound" + + // BpfProgCondMapOwnerNotLoaded indicates that the eBPF program sharing a map with another + // eBPF program and that program is not loaded. + BpfProgCondMapOwnerNotLoaded BpfProgramConditionType = "MapOwnerNotLoaded" + + // BpfProgCondBytecodeSelectorError indicates that an error occurred when trying to + // process the bytecode selector. + BpfProgCondBytecodeSelectorError BpfProgramConditionType = "BytecodeSelectorError" + + // BpfProgCondNoContainersOnNode indicates that there are no containers on the node + // that match the container selector. + BpfProgCondNoContainersOnNode BpfProgramConditionType = "NoContainersOnNode" + + // None of the above conditions apply + BpfProgCondNone BpfProgramConditionType = "None" +) + +// Condition is a helper method to promote any given BpfProgramConditionType to +// a full metav1.Condition in an opinionated fashion. +func (b BpfProgramConditionType) Condition() metav1.Condition { + cond := metav1.Condition{} + + switch b { + case BpfProgCondLoaded: + cond = metav1.Condition{ + Type: string(BpfProgCondLoaded), + Status: metav1.ConditionTrue, + Reason: "bpfmanLoaded", + Message: "Successfully loaded bpfProgram", + } + case BpfProgCondNotLoaded: + cond = metav1.Condition{ + Type: string(BpfProgCondNotLoaded), + Status: metav1.ConditionTrue, + Reason: "bpfmanNotLoaded", + Message: "Failed to load bpfProgram", + } + case BpfProgCondNotUnloaded: + cond = metav1.Condition{ + Type: string(BpfProgCondNotUnloaded), + Status: metav1.ConditionTrue, + Reason: "bpfmanNotUnloaded", + Message: "Failed to unload bpfProgram", + } + case BpfProgCondNotSelected: + cond = metav1.Condition{ + Type: string(BpfProgCondNotSelected), + Status: metav1.ConditionTrue, + Reason: "nodeNotSelected", + Message: "This node is not selected to run the bpfProgram", + } + case BpfProgCondUnloaded: + cond = metav1.Condition{ + Type: string(BpfProgCondUnloaded), + Status: metav1.ConditionTrue, + Reason: "bpfmanUnloaded", + Message: "This BpfProgram object and all it's bpfman programs have been unloaded", + } + case BpfProgCondMapOwnerNotFound: + cond = metav1.Condition{ + Type: string(BpfProgCondMapOwnerNotFound), + Status: metav1.ConditionTrue, + Reason: "mapOwnerNotFound", + Message: "BpfProgram map owner not found", + } + case BpfProgCondMapOwnerNotLoaded: + cond = metav1.Condition{ + Type: string(BpfProgCondMapOwnerNotLoaded), + Status: metav1.ConditionTrue, + Reason: "mapOwnerNotLoaded", + Message: "BpfProgram map owner not loaded", + } + + case BpfProgCondBytecodeSelectorError: + cond = metav1.Condition{ + Type: string(BpfProgCondBytecodeSelectorError), + Status: metav1.ConditionTrue, + Reason: "bytecodeSelectorError", + Message: "There was an error processing the provided bytecode selector", + } + + case BpfProgCondNoContainersOnNode: + cond = metav1.Condition{ + Type: string(BpfProgCondNoContainersOnNode), + Status: metav1.ConditionTrue, + Reason: "noContainersOnNode", + Message: "There are no containers on the node that match the container selector", + } + + case BpfProgCondNone: + cond = metav1.Condition{ + Type: string(BpfProgCondNone), + Status: metav1.ConditionTrue, + Reason: "None", + Message: "None of the conditions apply", + } + } + + return cond +} diff --git a/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/tcProgram_types.go b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/tcProgram_types.go new file mode 100644 index 000000000..24ed566ab --- /dev/null +++ b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/tcProgram_types.go @@ -0,0 +1,95 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +//+kubebuilder:object:root=true +//+kubebuilder:subresource:status +//+kubebuilder:resource:scope=Cluster + +// TcProgram is the Schema for the TcProgram API +// +kubebuilder:printcolumn:name="BpfFunctionName",type=string,JSONPath=`.spec.bpffunctionname` +// +kubebuilder:printcolumn:name="NodeSelector",type=string,JSONPath=`.spec.nodeselector` +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason` +// +kubebuilder:printcolumn:name="Priority",type=string,JSONPath=`.spec.priority`,priority=1 +// +kubebuilder:printcolumn:name="Direction",type=string,JSONPath=`.spec.direction`,priority=1 +// +kubebuilder:printcolumn:name="InterfaceSelector",type=string,JSONPath=`.spec.interfaceselector`,priority=1 +// +kubebuilder:printcolumn:name="ProceedOn",type=string,JSONPath=`.spec.proceedon`,priority=1 +type TcProgram struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec TcProgramSpec `json:"spec"` + // +optional + Status TcProgramStatus `json:"status,omitempty"` +} + +// +kubebuilder:validation:Enum=unspec;ok;reclassify;shot;pipe;stolen;queued;repeat;redirect;trap;dispatcher_return +type TcProceedOnValue string + +// TcProgramSpec defines the desired state of TcProgram +type TcProgramSpec struct { + TcProgramInfo `json:",inline"` + BpfAppCommon `json:",inline"` +} + +// TcProgramInfo defines the tc program details +type TcProgramInfo struct { + BpfProgramCommon `json:",inline"` + + // Selector to determine the network interface (or interfaces) + InterfaceSelector InterfaceSelector `json:"interfaceselector"` + + // Priority specifies the priority of the tc program in relation to + // other programs of the same type with the same attach point. It is a value + // from 0 to 1000 where lower values have higher precedence. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=1000 + Priority int32 `json:"priority"` + + // Direction specifies the direction of traffic the tc program should + // attach to for a given network device. + // +kubebuilder:validation:Enum=ingress;egress + Direction string `json:"direction"` + + // ProceedOn allows the user to call other tc programs in chain on this exit code. + // Multiple values are supported by repeating the parameter. + // +optional + // +kubebuilder:validation:MaxItems=11 + // +kubebuilder:default:={pipe,dispatcher_return} + ProceedOn []TcProceedOnValue `json:"proceedon"` +} + +// TcProgramStatus defines the observed state of TcProgram +type TcProgramStatus struct { + BpfProgramStatusCommon `json:",inline"` +} + +// +kubebuilder:object:root=true +// TcProgramList contains a list of TcPrograms +type TcProgramList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []TcProgram `json:"items"` +} diff --git a/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/tcxProgram_types.go b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/tcxProgram_types.go new file mode 100644 index 000000000..08648ae87 --- /dev/null +++ b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/tcxProgram_types.go @@ -0,0 +1,85 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +//+kubebuilder:object:root=true +//+kubebuilder:subresource:status +//+kubebuilder:resource:scope=Cluster + +// TcxProgram is the Schema for the TcxProgram API +// +kubebuilder:printcolumn:name="BpfFunctionName",type=string,JSONPath=`.spec.bpffunctionname` +// +kubebuilder:printcolumn:name="NodeSelector",type=string,JSONPath=`.spec.nodeselector` +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason` +// +kubebuilder:printcolumn:name="Direction",type=string,JSONPath=`.spec.direction`,priority=1 +// +kubebuilder:printcolumn:name="InterfaceSelector",type=string,JSONPath=`.spec.interfaceselector`,priority=1 +// +kubebuilder:printcolumn:name="Position",type=string,JSONPath=`.spec.position`,priority=1 +// +kubebuilder:printcolumn:name="Priority",type=string,JSONPath=`.spec.priority`,priority=1 +type TcxProgram struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec TcxProgramSpec `json:"spec"` + // +optional + Status TcxProgramStatus `json:"status,omitempty"` +} + +// TcxProgramSpec defines the desired state of TcxProgram +type TcxProgramSpec struct { + TcxProgramInfo `json:",inline"` + BpfAppCommon `json:",inline"` +} + +// TcxProgramInfo defines the tc program details +type TcxProgramInfo struct { + BpfProgramCommon `json:",inline"` + + // Selector to determine the network interface (or interfaces) + InterfaceSelector InterfaceSelector `json:"interfaceselector"` + + // Direction specifies the direction of traffic the tcx program should + // attach to for a given network device. + // +kubebuilder:validation:Enum=ingress;egress + Direction string `json:"direction"` + + // Priority specifies the priority of the tc program in relation to + // other programs of the same type with the same attach point. It is a value + // from 0 to 1000 where lower values have higher precedence. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=1000 + Priority int32 `json:"priority"` +} + +// TcxProgramStatus defines the observed state of TcProgram +type TcxProgramStatus struct { + BpfProgramStatusCommon `json:",inline"` +} + +// +kubebuilder:object:root=true +// TcxProgramList contains a list of TcxPrograms +type TcxProgramList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []TcxProgram `json:"items"` +} diff --git a/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/tracepointProgram_types.go b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/tracepointProgram_types.go new file mode 100644 index 000000000..e692192a8 --- /dev/null +++ b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/tracepointProgram_types.go @@ -0,0 +1,72 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +//+kubebuilder:object:root=true +//+kubebuilder:subresource:status +//+kubebuilder:resource:scope=Cluster + +// TracepointProgram is the Schema for the TracepointPrograms API +// +kubebuilder:printcolumn:name="BpfFunctionName",type=string,JSONPath=`.spec.bpffunctionname` +// +kubebuilder:printcolumn:name="NodeSelector",type=string,JSONPath=`.spec.nodeselector` +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason` +// +kubebuilder:printcolumn:name="TracePoint",type=string,JSONPath=`.spec.name`,priority=1 +type TracepointProgram struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec TracepointProgramSpec `json:"spec"` + // +optional + Status TracepointProgramStatus `json:"status,omitempty"` +} + +// TracepointProgramSpec defines the desired state of TracepointProgram +// +kubebuilder:printcolumn:name="TracePoint",type=string,JSONPath=`.spec.name` +type TracepointProgramSpec struct { + TracepointProgramInfo `json:",inline"` + BpfAppCommon `json:",inline"` +} + +// TracepointProgramInfo defines the Tracepoint program details +type TracepointProgramInfo struct { + BpfProgramCommon `json:",inline"` + + // Names refers to the names of kernel tracepoints to attach the + // bpf program to. + Names []string `json:"names"` +} + +// TracepointProgramStatus defines the observed state of TracepointProgram +type TracepointProgramStatus struct { + BpfProgramStatusCommon `json:",inline"` +} + +// +kubebuilder:object:root=true +// TracepointProgramList contains a list of TracepointPrograms +type TracepointProgramList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []TracepointProgram `json:"items"` +} diff --git a/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/uprobeProgram_types.go b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/uprobeProgram_types.go new file mode 100644 index 000000000..b98500aad --- /dev/null +++ b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/uprobeProgram_types.go @@ -0,0 +1,107 @@ +/* +Copyright 2023. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +//+kubebuilder:object:root=true +//+kubebuilder:subresource:status +//+kubebuilder:resource:scope=Cluster + +// UprobeProgram is the Schema for the UprobePrograms API +// +kubebuilder:printcolumn:name="BpfFunctionName",type=string,JSONPath=`.spec.bpffunctionname` +// +kubebuilder:printcolumn:name="NodeSelector",type=string,JSONPath=`.spec.nodeselector` +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason` +// +kubebuilder:printcolumn:name="FunctionName",type=string,JSONPath=`.spec.func_name`,priority=1 +// +kubebuilder:printcolumn:name="Offset",type=integer,JSONPath=`.spec.offset`,priority=1 +// +kubebuilder:printcolumn:name="Target",type=string,JSONPath=`.spec.target`,priority=1 +// +kubebuilder:printcolumn:name="RetProbe",type=boolean,JSONPath=`.spec.retprobe`,priority=1 +// +kubebuilder:printcolumn:name="Pid",type=integer,JSONPath=`.spec.pid`,priority=1 +type UprobeProgram struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec UprobeProgramSpec `json:"spec"` + // +optional + Status UprobeProgramStatus `json:"status,omitempty"` +} + +// UprobeProgramSpec defines the desired state of UprobeProgram +// +kubebuilder:printcolumn:name="FunctionName",type=string,JSONPath=`.spec.func_name` +// +kubebuilder:printcolumn:name="Offset",type=integer,JSONPath=`.spec.offset` +// +kubebuilder:printcolumn:name="Target",type=string,JSONPath=`.spec.target` +// +kubebuilder:printcolumn:name="RetProbe",type=boolean,JSONPath=`.spec.retprobe` +// +kubebuilder:printcolumn:name="Pid",type=integer,JSONPath=`.spec.pid` +type UprobeProgramSpec struct { + UprobeProgramInfo `json:",inline"` + BpfAppCommon `json:",inline"` +} + +// UprobeProgramInfo contains the information about the uprobe program +type UprobeProgramInfo struct { + BpfProgramCommon `json:",inline"` + + // Function to attach the uprobe to. + // +optional + FunctionName string `json:"func_name"` + + // Offset added to the address of the function for uprobe. + // +optional + // +kubebuilder:default:=0 + Offset uint64 `json:"offset"` + + // Library name or the absolute path to a binary or library. + Target string `json:"target"` + + // Whether the program is a uretprobe. Default is false + // +optional + // +kubebuilder:default:=false + RetProbe bool `json:"retprobe"` + + // Only execute uprobe for given process identification number (PID). If PID + // is not provided, uprobe executes for all PIDs. + // +optional + Pid int32 `json:"pid"` + + // Containers identifes the set of containers in which to attach the uprobe. + // If Containers is not specified, the uprobe will be attached in the + // bpfman-agent container. The ContainerSelector is very flexible and even + // allows the selection of all containers in a cluster. If an attempt is + // made to attach uprobes to too many containers, it can have a negative + // impact on on the cluster. + // +optional + Containers *ContainerSelector `json:"containers"` +} + +// UprobeProgramStatus defines the observed state of UprobeProgram +type UprobeProgramStatus struct { + BpfProgramStatusCommon `json:",inline"` +} + +// +kubebuilder:object:root=true +// UprobeProgramList contains a list of UprobePrograms +type UprobeProgramList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []UprobeProgram `json:"items"` +} diff --git a/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/xdpProgram_types.go b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/xdpProgram_types.go new file mode 100644 index 000000000..8ec1ac072 --- /dev/null +++ b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/xdpProgram_types.go @@ -0,0 +1,89 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// All fields are required unless explicitly marked optional +// +kubebuilder:validation:Required +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +//+kubebuilder:object:root=true +//+kubebuilder:subresource:status +//+kubebuilder:resource:scope=Cluster + +// XdpProgram is the Schema for the XdpPrograms API +// +kubebuilder:printcolumn:name="BpfFunctionName",type=string,JSONPath=`.spec.bpffunctionname` +// +kubebuilder:printcolumn:name="NodeSelector",type=string,JSONPath=`.spec.nodeselector` +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[0].reason` +// +kubebuilder:printcolumn:name="Priority",type=string,JSONPath=`.spec.priority`,priority=1 +// +kubebuilder:printcolumn:name="InterfaceSelector",type=string,JSONPath=`.spec.interfaceselector`,priority=1 +// +kubebuilder:printcolumn:name="ProceedOn",type=string,JSONPath=`.spec.proceedon`,priority=1 +type XdpProgram struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec XdpProgramSpec `json:"spec"` + // +optional + Status XdpProgramStatus `json:"status,omitempty"` +} + +// +kubebuilder:validation:Enum=aborted;drop;pass;tx;redirect;dispatcher_return +type XdpProceedOnValue string + +// XdpProgramSpec defines the desired state of XdpProgram +type XdpProgramSpec struct { + XdpProgramInfo `json:",inline"` + BpfAppCommon `json:",inline"` +} + +// XdpProgramInfo defines the common fields for all XdpProgram types +type XdpProgramInfo struct { + BpfProgramCommon `json:",inline"` + // Selector to determine the network interface (or interfaces) + InterfaceSelector InterfaceSelector `json:"interfaceselector"` + + // Priority specifies the priority of the bpf program in relation to + // other programs of the same type with the same attach point. It is a value + // from 0 to 1000 where lower values have higher precedence. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=1000 + Priority int32 `json:"priority"` + + // ProceedOn allows the user to call other xdp programs in chain on this exit code. + // Multiple values are supported by repeating the parameter. + // +optional + // +kubebuilder:validation:MaxItems=6 + // +kubebuilder:default:={pass,dispatcher_return} + + ProceedOn []XdpProceedOnValue `json:"proceedon"` +} + +// XdpProgramStatus defines the observed state of XdpProgram +type XdpProgramStatus struct { + BpfProgramStatusCommon `json:",inline"` +} + +// +kubebuilder:object:root=true +// XdpProgramList contains a list of XdpPrograms +type XdpProgramList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []XdpProgram `json:"items"` +} diff --git a/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 000000000..80f3b52cd --- /dev/null +++ b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,1357 @@ +//go:build !ignore_autogenerated + +/* +Copyright 2023 The bpfman Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfAppCommon) DeepCopyInto(out *BpfAppCommon) { + *out = *in + in.NodeSelector.DeepCopyInto(&out.NodeSelector) + if in.GlobalData != nil { + in, out := &in.GlobalData, &out.GlobalData + *out = make(map[string][]byte, len(*in)) + for key, val := range *in { + var outVal []byte + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = make([]byte, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + in.ByteCode.DeepCopyInto(&out.ByteCode) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfAppCommon. +func (in *BpfAppCommon) DeepCopy() *BpfAppCommon { + if in == nil { + return nil + } + out := new(BpfAppCommon) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfApplication) DeepCopyInto(out *BpfApplication) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfApplication. +func (in *BpfApplication) DeepCopy() *BpfApplication { + if in == nil { + return nil + } + out := new(BpfApplication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BpfApplication) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfApplicationList) DeepCopyInto(out *BpfApplicationList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]BpfApplication, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfApplicationList. +func (in *BpfApplicationList) DeepCopy() *BpfApplicationList { + if in == nil { + return nil + } + out := new(BpfApplicationList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BpfApplicationList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfApplicationProgram) DeepCopyInto(out *BpfApplicationProgram) { + *out = *in + if in.XDP != nil { + in, out := &in.XDP, &out.XDP + *out = new(XdpProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.TC != nil { + in, out := &in.TC, &out.TC + *out = new(TcProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.TCX != nil { + in, out := &in.TCX, &out.TCX + *out = new(TcxProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.Fentry != nil { + in, out := &in.Fentry, &out.Fentry + *out = new(FentryProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.Fexit != nil { + in, out := &in.Fexit, &out.Fexit + *out = new(FexitProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.Kprobe != nil { + in, out := &in.Kprobe, &out.Kprobe + *out = new(KprobeProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.Kretprobe != nil { + in, out := &in.Kretprobe, &out.Kretprobe + *out = new(KprobeProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.Uprobe != nil { + in, out := &in.Uprobe, &out.Uprobe + *out = new(UprobeProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.Uretprobe != nil { + in, out := &in.Uretprobe, &out.Uretprobe + *out = new(UprobeProgramInfo) + (*in).DeepCopyInto(*out) + } + if in.Tracepoint != nil { + in, out := &in.Tracepoint, &out.Tracepoint + *out = new(TracepointProgramInfo) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfApplicationProgram. +func (in *BpfApplicationProgram) DeepCopy() *BpfApplicationProgram { + if in == nil { + return nil + } + out := new(BpfApplicationProgram) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfApplicationSpec) DeepCopyInto(out *BpfApplicationSpec) { + *out = *in + in.BpfAppCommon.DeepCopyInto(&out.BpfAppCommon) + if in.Programs != nil { + in, out := &in.Programs, &out.Programs + *out = make([]BpfApplicationProgram, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfApplicationSpec. +func (in *BpfApplicationSpec) DeepCopy() *BpfApplicationSpec { + if in == nil { + return nil + } + out := new(BpfApplicationSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfApplicationStatus) DeepCopyInto(out *BpfApplicationStatus) { + *out = *in + in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfApplicationStatus. +func (in *BpfApplicationStatus) DeepCopy() *BpfApplicationStatus { + if in == nil { + return nil + } + out := new(BpfApplicationStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfProgram) DeepCopyInto(out *BpfProgram) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfProgram. +func (in *BpfProgram) DeepCopy() *BpfProgram { + if in == nil { + return nil + } + out := new(BpfProgram) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BpfProgram) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfProgramCommon) DeepCopyInto(out *BpfProgramCommon) { + *out = *in + in.MapOwnerSelector.DeepCopyInto(&out.MapOwnerSelector) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfProgramCommon. +func (in *BpfProgramCommon) DeepCopy() *BpfProgramCommon { + if in == nil { + return nil + } + out := new(BpfProgramCommon) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfProgramList) DeepCopyInto(out *BpfProgramList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]BpfProgram, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfProgramList. +func (in *BpfProgramList) DeepCopy() *BpfProgramList { + if in == nil { + return nil + } + out := new(BpfProgramList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BpfProgramList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfProgramSpec) DeepCopyInto(out *BpfProgramSpec) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfProgramSpec. +func (in *BpfProgramSpec) DeepCopy() *BpfProgramSpec { + if in == nil { + return nil + } + out := new(BpfProgramSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfProgramStatus) DeepCopyInto(out *BpfProgramStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfProgramStatus. +func (in *BpfProgramStatus) DeepCopy() *BpfProgramStatus { + if in == nil { + return nil + } + out := new(BpfProgramStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfProgramStatusCommon) DeepCopyInto(out *BpfProgramStatusCommon) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfProgramStatusCommon. +func (in *BpfProgramStatusCommon) DeepCopy() *BpfProgramStatusCommon { + if in == nil { + return nil + } + out := new(BpfProgramStatusCommon) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BytecodeImage) DeepCopyInto(out *BytecodeImage) { + *out = *in + if in.ImagePullSecret != nil { + in, out := &in.ImagePullSecret, &out.ImagePullSecret + *out = new(ImagePullSecretSelector) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BytecodeImage. +func (in *BytecodeImage) DeepCopy() *BytecodeImage { + if in == nil { + return nil + } + out := new(BytecodeImage) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BytecodeSelector) DeepCopyInto(out *BytecodeSelector) { + *out = *in + if in.Image != nil { + in, out := &in.Image, &out.Image + *out = new(BytecodeImage) + (*in).DeepCopyInto(*out) + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BytecodeSelector. +func (in *BytecodeSelector) DeepCopy() *BytecodeSelector { + if in == nil { + return nil + } + out := new(BytecodeSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ContainerSelector) DeepCopyInto(out *ContainerSelector) { + *out = *in + in.Pods.DeepCopyInto(&out.Pods) + if in.ContainerNames != nil { + in, out := &in.ContainerNames, &out.ContainerNames + *out = new([]string) + if **in != nil { + in, out := *in, *out + *out = make([]string, len(*in)) + copy(*out, *in) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerSelector. +func (in *ContainerSelector) DeepCopy() *ContainerSelector { + if in == nil { + return nil + } + out := new(ContainerSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FentryProgram) DeepCopyInto(out *FentryProgram) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FentryProgram. +func (in *FentryProgram) DeepCopy() *FentryProgram { + if in == nil { + return nil + } + out := new(FentryProgram) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *FentryProgram) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FentryProgramInfo) DeepCopyInto(out *FentryProgramInfo) { + *out = *in + in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FentryProgramInfo. +func (in *FentryProgramInfo) DeepCopy() *FentryProgramInfo { + if in == nil { + return nil + } + out := new(FentryProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FentryProgramList) DeepCopyInto(out *FentryProgramList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]FentryProgram, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FentryProgramList. +func (in *FentryProgramList) DeepCopy() *FentryProgramList { + if in == nil { + return nil + } + out := new(FentryProgramList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *FentryProgramList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FentryProgramSpec) DeepCopyInto(out *FentryProgramSpec) { + *out = *in + in.FentryProgramInfo.DeepCopyInto(&out.FentryProgramInfo) + in.BpfAppCommon.DeepCopyInto(&out.BpfAppCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FentryProgramSpec. +func (in *FentryProgramSpec) DeepCopy() *FentryProgramSpec { + if in == nil { + return nil + } + out := new(FentryProgramSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FentryProgramStatus) DeepCopyInto(out *FentryProgramStatus) { + *out = *in + in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FentryProgramStatus. +func (in *FentryProgramStatus) DeepCopy() *FentryProgramStatus { + if in == nil { + return nil + } + out := new(FentryProgramStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FexitProgram) DeepCopyInto(out *FexitProgram) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FexitProgram. +func (in *FexitProgram) DeepCopy() *FexitProgram { + if in == nil { + return nil + } + out := new(FexitProgram) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *FexitProgram) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FexitProgramInfo) DeepCopyInto(out *FexitProgramInfo) { + *out = *in + in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FexitProgramInfo. +func (in *FexitProgramInfo) DeepCopy() *FexitProgramInfo { + if in == nil { + return nil + } + out := new(FexitProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FexitProgramList) DeepCopyInto(out *FexitProgramList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]FexitProgram, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FexitProgramList. +func (in *FexitProgramList) DeepCopy() *FexitProgramList { + if in == nil { + return nil + } + out := new(FexitProgramList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *FexitProgramList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FexitProgramSpec) DeepCopyInto(out *FexitProgramSpec) { + *out = *in + in.FexitProgramInfo.DeepCopyInto(&out.FexitProgramInfo) + in.BpfAppCommon.DeepCopyInto(&out.BpfAppCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FexitProgramSpec. +func (in *FexitProgramSpec) DeepCopy() *FexitProgramSpec { + if in == nil { + return nil + } + out := new(FexitProgramSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FexitProgramStatus) DeepCopyInto(out *FexitProgramStatus) { + *out = *in + in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FexitProgramStatus. +func (in *FexitProgramStatus) DeepCopy() *FexitProgramStatus { + if in == nil { + return nil + } + out := new(FexitProgramStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImagePullSecretSelector) DeepCopyInto(out *ImagePullSecretSelector) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePullSecretSelector. +func (in *ImagePullSecretSelector) DeepCopy() *ImagePullSecretSelector { + if in == nil { + return nil + } + out := new(ImagePullSecretSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InterfaceSelector) DeepCopyInto(out *InterfaceSelector) { + *out = *in + if in.Interfaces != nil { + in, out := &in.Interfaces, &out.Interfaces + *out = new([]string) + if **in != nil { + in, out := *in, *out + *out = make([]string, len(*in)) + copy(*out, *in) + } + } + if in.PrimaryNodeInterface != nil { + in, out := &in.PrimaryNodeInterface, &out.PrimaryNodeInterface + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InterfaceSelector. +func (in *InterfaceSelector) DeepCopy() *InterfaceSelector { + if in == nil { + return nil + } + out := new(InterfaceSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KprobeProgram) DeepCopyInto(out *KprobeProgram) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KprobeProgram. +func (in *KprobeProgram) DeepCopy() *KprobeProgram { + if in == nil { + return nil + } + out := new(KprobeProgram) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KprobeProgram) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KprobeProgramInfo) DeepCopyInto(out *KprobeProgramInfo) { + *out = *in + in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KprobeProgramInfo. +func (in *KprobeProgramInfo) DeepCopy() *KprobeProgramInfo { + if in == nil { + return nil + } + out := new(KprobeProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KprobeProgramList) DeepCopyInto(out *KprobeProgramList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]KprobeProgram, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KprobeProgramList. +func (in *KprobeProgramList) DeepCopy() *KprobeProgramList { + if in == nil { + return nil + } + out := new(KprobeProgramList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KprobeProgramList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KprobeProgramSpec) DeepCopyInto(out *KprobeProgramSpec) { + *out = *in + in.KprobeProgramInfo.DeepCopyInto(&out.KprobeProgramInfo) + in.BpfAppCommon.DeepCopyInto(&out.BpfAppCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KprobeProgramSpec. +func (in *KprobeProgramSpec) DeepCopy() *KprobeProgramSpec { + if in == nil { + return nil + } + out := new(KprobeProgramSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KprobeProgramStatus) DeepCopyInto(out *KprobeProgramStatus) { + *out = *in + in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KprobeProgramStatus. +func (in *KprobeProgramStatus) DeepCopy() *KprobeProgramStatus { + if in == nil { + return nil + } + out := new(KprobeProgramStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TcProgram) DeepCopyInto(out *TcProgram) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcProgram. +func (in *TcProgram) DeepCopy() *TcProgram { + if in == nil { + return nil + } + out := new(TcProgram) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TcProgram) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TcProgramInfo) DeepCopyInto(out *TcProgramInfo) { + *out = *in + in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) + in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) + if in.ProceedOn != nil { + in, out := &in.ProceedOn, &out.ProceedOn + *out = make([]TcProceedOnValue, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcProgramInfo. +func (in *TcProgramInfo) DeepCopy() *TcProgramInfo { + if in == nil { + return nil + } + out := new(TcProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TcProgramList) DeepCopyInto(out *TcProgramList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TcProgram, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcProgramList. +func (in *TcProgramList) DeepCopy() *TcProgramList { + if in == nil { + return nil + } + out := new(TcProgramList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TcProgramList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TcProgramSpec) DeepCopyInto(out *TcProgramSpec) { + *out = *in + in.TcProgramInfo.DeepCopyInto(&out.TcProgramInfo) + in.BpfAppCommon.DeepCopyInto(&out.BpfAppCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcProgramSpec. +func (in *TcProgramSpec) DeepCopy() *TcProgramSpec { + if in == nil { + return nil + } + out := new(TcProgramSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TcProgramStatus) DeepCopyInto(out *TcProgramStatus) { + *out = *in + in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcProgramStatus. +func (in *TcProgramStatus) DeepCopy() *TcProgramStatus { + if in == nil { + return nil + } + out := new(TcProgramStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TcxProgram) DeepCopyInto(out *TcxProgram) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcxProgram. +func (in *TcxProgram) DeepCopy() *TcxProgram { + if in == nil { + return nil + } + out := new(TcxProgram) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TcxProgram) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TcxProgramInfo) DeepCopyInto(out *TcxProgramInfo) { + *out = *in + in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) + in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcxProgramInfo. +func (in *TcxProgramInfo) DeepCopy() *TcxProgramInfo { + if in == nil { + return nil + } + out := new(TcxProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TcxProgramList) DeepCopyInto(out *TcxProgramList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TcxProgram, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcxProgramList. +func (in *TcxProgramList) DeepCopy() *TcxProgramList { + if in == nil { + return nil + } + out := new(TcxProgramList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TcxProgramList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TcxProgramSpec) DeepCopyInto(out *TcxProgramSpec) { + *out = *in + in.TcxProgramInfo.DeepCopyInto(&out.TcxProgramInfo) + in.BpfAppCommon.DeepCopyInto(&out.BpfAppCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcxProgramSpec. +func (in *TcxProgramSpec) DeepCopy() *TcxProgramSpec { + if in == nil { + return nil + } + out := new(TcxProgramSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TcxProgramStatus) DeepCopyInto(out *TcxProgramStatus) { + *out = *in + in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcxProgramStatus. +func (in *TcxProgramStatus) DeepCopy() *TcxProgramStatus { + if in == nil { + return nil + } + out := new(TcxProgramStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TracepointProgram) DeepCopyInto(out *TracepointProgram) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracepointProgram. +func (in *TracepointProgram) DeepCopy() *TracepointProgram { + if in == nil { + return nil + } + out := new(TracepointProgram) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TracepointProgram) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TracepointProgramInfo) DeepCopyInto(out *TracepointProgramInfo) { + *out = *in + in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) + if in.Names != nil { + in, out := &in.Names, &out.Names + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracepointProgramInfo. +func (in *TracepointProgramInfo) DeepCopy() *TracepointProgramInfo { + if in == nil { + return nil + } + out := new(TracepointProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TracepointProgramList) DeepCopyInto(out *TracepointProgramList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TracepointProgram, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracepointProgramList. +func (in *TracepointProgramList) DeepCopy() *TracepointProgramList { + if in == nil { + return nil + } + out := new(TracepointProgramList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TracepointProgramList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TracepointProgramSpec) DeepCopyInto(out *TracepointProgramSpec) { + *out = *in + in.TracepointProgramInfo.DeepCopyInto(&out.TracepointProgramInfo) + in.BpfAppCommon.DeepCopyInto(&out.BpfAppCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracepointProgramSpec. +func (in *TracepointProgramSpec) DeepCopy() *TracepointProgramSpec { + if in == nil { + return nil + } + out := new(TracepointProgramSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TracepointProgramStatus) DeepCopyInto(out *TracepointProgramStatus) { + *out = *in + in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracepointProgramStatus. +func (in *TracepointProgramStatus) DeepCopy() *TracepointProgramStatus { + if in == nil { + return nil + } + out := new(TracepointProgramStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UprobeProgram) DeepCopyInto(out *UprobeProgram) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UprobeProgram. +func (in *UprobeProgram) DeepCopy() *UprobeProgram { + if in == nil { + return nil + } + out := new(UprobeProgram) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *UprobeProgram) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UprobeProgramInfo) DeepCopyInto(out *UprobeProgramInfo) { + *out = *in + in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) + if in.Containers != nil { + in, out := &in.Containers, &out.Containers + *out = new(ContainerSelector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UprobeProgramInfo. +func (in *UprobeProgramInfo) DeepCopy() *UprobeProgramInfo { + if in == nil { + return nil + } + out := new(UprobeProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UprobeProgramList) DeepCopyInto(out *UprobeProgramList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]UprobeProgram, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UprobeProgramList. +func (in *UprobeProgramList) DeepCopy() *UprobeProgramList { + if in == nil { + return nil + } + out := new(UprobeProgramList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *UprobeProgramList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UprobeProgramSpec) DeepCopyInto(out *UprobeProgramSpec) { + *out = *in + in.UprobeProgramInfo.DeepCopyInto(&out.UprobeProgramInfo) + in.BpfAppCommon.DeepCopyInto(&out.BpfAppCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UprobeProgramSpec. +func (in *UprobeProgramSpec) DeepCopy() *UprobeProgramSpec { + if in == nil { + return nil + } + out := new(UprobeProgramSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UprobeProgramStatus) DeepCopyInto(out *UprobeProgramStatus) { + *out = *in + in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UprobeProgramStatus. +func (in *UprobeProgramStatus) DeepCopy() *UprobeProgramStatus { + if in == nil { + return nil + } + out := new(UprobeProgramStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *XdpProgram) DeepCopyInto(out *XdpProgram) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XdpProgram. +func (in *XdpProgram) DeepCopy() *XdpProgram { + if in == nil { + return nil + } + out := new(XdpProgram) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *XdpProgram) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *XdpProgramInfo) DeepCopyInto(out *XdpProgramInfo) { + *out = *in + in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) + in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) + if in.ProceedOn != nil { + in, out := &in.ProceedOn, &out.ProceedOn + *out = make([]XdpProceedOnValue, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XdpProgramInfo. +func (in *XdpProgramInfo) DeepCopy() *XdpProgramInfo { + if in == nil { + return nil + } + out := new(XdpProgramInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *XdpProgramList) DeepCopyInto(out *XdpProgramList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]XdpProgram, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XdpProgramList. +func (in *XdpProgramList) DeepCopy() *XdpProgramList { + if in == nil { + return nil + } + out := new(XdpProgramList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *XdpProgramList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *XdpProgramSpec) DeepCopyInto(out *XdpProgramSpec) { + *out = *in + in.XdpProgramInfo.DeepCopyInto(&out.XdpProgramInfo) + in.BpfAppCommon.DeepCopyInto(&out.BpfAppCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XdpProgramSpec. +func (in *XdpProgramSpec) DeepCopy() *XdpProgramSpec { + if in == nil { + return nil + } + out := new(XdpProgramSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *XdpProgramStatus) DeepCopyInto(out *XdpProgramStatus) { + *out = *in + in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XdpProgramStatus. +func (in *XdpProgramStatus) DeepCopy() *XdpProgramStatus { + if in == nil { + return nil + } + out := new(XdpProgramStatus) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/zz_generated.register.go b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/zz_generated.register.go new file mode 100644 index 000000000..5b55645af --- /dev/null +++ b/vendor/github.com/bpfman/bpfman-operator/apis/v1alpha1/zz_generated.register.go @@ -0,0 +1,88 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright 2023 The bpfman Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by register-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +// GroupName specifies the group name used to register the objects. +const GroupName = "bpfman.io" + +// GroupVersion specifies the group and the version used to register the objects. +var GroupVersion = v1.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +// SchemeGroupVersion is group version used to register these objects +// Deprecated: use GroupVersion instead. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + // Deprecated: use Install instead + AddToScheme = localSchemeBuilder.AddToScheme + Install = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes) +} + +// Adds the list of known types to Scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &BpfApplication{}, + &BpfApplicationList{}, + &BpfProgram{}, + &BpfProgramList{}, + &FentryProgram{}, + &FentryProgramList{}, + &FexitProgram{}, + &FexitProgramList{}, + &KprobeProgram{}, + &KprobeProgramList{}, + &TcProgram{}, + &TcProgramList{}, + &TcxProgram{}, + &TcxProgramList{}, + &TracepointProgram{}, + &TracepointProgramList{}, + &UprobeProgram{}, + &UprobeProgramList{}, + &XdpProgram{}, + &XdpProgramList{}, + ) + // AddToGroupVersion allows the serialization of client types like ListOptions. + v1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} diff --git a/vendor/golang.org/x/time/LICENSE b/vendor/golang.org/x/time/LICENSE index 6a66aea5e..2a7cf70da 100644 --- a/vendor/golang.org/x/time/LICENSE +++ b/vendor/golang.org/x/time/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2009 The Go Authors. All rights reserved. +Copyright 2009 The Go Authors. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are @@ -10,7 +10,7 @@ notice, this list of conditions and the following disclaimer. copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - * Neither the name of Google Inc. nor the names of its + * Neither the name of Google LLC nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. diff --git a/vendor/k8s.io/klog/.travis.yml b/vendor/k8s.io/klog/.travis.yml new file mode 100644 index 000000000..5677664c2 --- /dev/null +++ b/vendor/k8s.io/klog/.travis.yml @@ -0,0 +1,16 @@ +language: go +go_import_path: k8s.io/klog +dist: xenial +go: + - 1.9.x + - 1.10.x + - 1.11.x + - 1.12.x +script: + - go get -t -v ./... + - diff -u <(echo -n) <(gofmt -d .) + - diff -u <(echo -n) <(golint $(go list -e ./...)) + - go tool vet . || go vet . + - go test -v -race ./... +install: + - go get golang.org/x/lint/golint diff --git a/vendor/k8s.io/klog/CONTRIBUTING.md b/vendor/k8s.io/klog/CONTRIBUTING.md new file mode 100644 index 000000000..574a56abb --- /dev/null +++ b/vendor/k8s.io/klog/CONTRIBUTING.md @@ -0,0 +1,22 @@ +# Contributing Guidelines + +Welcome to Kubernetes. We are excited about the prospect of you joining our [community](https://github.com/kubernetes/community)! The Kubernetes community abides by the CNCF [code of conduct](code-of-conduct.md). Here is an excerpt: + +_As contributors and maintainers of this project, and in the interest of fostering an open and welcoming community, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities._ + +## Getting Started + +We have full documentation on how to get started contributing here: + +- [Contributor License Agreement](https://git.k8s.io/community/CLA.md) Kubernetes projects require that you sign a Contributor License Agreement (CLA) before we can accept your pull requests +- [Kubernetes Contributor Guide](http://git.k8s.io/community/contributors/guide) - Main contributor documentation, or you can just jump directly to the [contributing section](http://git.k8s.io/community/contributors/guide#contributing) +- [Contributor Cheat Sheet](https://git.k8s.io/community/contributors/guide/contributor-cheatsheet.md) - Common resources for existing developers + +## Mentorship + +- [Mentoring Initiatives](https://git.k8s.io/community/mentoring) - We have a diverse set of mentorship programs available that are always looking for volunteers! + +## Contact Information + +- [Slack](https://kubernetes.slack.com/messages/sig-architecture) +- [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-sig-architecture) diff --git a/vendor/k8s.io/klog/LICENSE b/vendor/k8s.io/klog/LICENSE new file mode 100644 index 000000000..37ec93a14 --- /dev/null +++ b/vendor/k8s.io/klog/LICENSE @@ -0,0 +1,191 @@ +Apache License +Version 2.0, January 2004 +http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + +"License" shall mean the terms and conditions for use, reproduction, and +distribution as defined by Sections 1 through 9 of this document. + +"Licensor" shall mean the copyright owner or entity authorized by the copyright +owner that is granting the License. + +"Legal Entity" shall mean the union of the acting entity and all other entities +that control, are controlled by, or are under common control with that entity. +For the purposes of this definition, "control" means (i) the power, direct or +indirect, to cause the direction or management of such entity, whether by +contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the +outstanding shares, or (iii) beneficial ownership of such entity. + +"You" (or "Your") shall mean an individual or Legal Entity exercising +permissions granted by this License. + +"Source" form shall mean the preferred form for making modifications, including +but not limited to software source code, documentation source, and configuration +files. + +"Object" form shall mean any form resulting from mechanical transformation or +translation of a Source form, including but not limited to compiled object code, +generated documentation, and conversions to other media types. + +"Work" shall mean the work of authorship, whether in Source or Object form, made +available under the License, as indicated by a copyright notice that is included +in or attached to the work (an example is provided in the Appendix below). + +"Derivative Works" shall mean any work, whether in Source or Object form, that +is based on (or derived from) the Work and for which the editorial revisions, +annotations, elaborations, or other modifications represent, as a whole, an +original work of authorship. For the purposes of this License, Derivative Works +shall not include works that remain separable from, or merely link (or bind by +name) to the interfaces of, the Work and Derivative Works thereof. + +"Contribution" shall mean any work of authorship, including the original version +of the Work and any modifications or additions to that Work or Derivative Works +thereof, that is intentionally submitted to Licensor for inclusion in the Work +by the copyright owner or by an individual or Legal Entity authorized to submit +on behalf of the copyright owner. For the purposes of this definition, +"submitted" means any form of electronic, verbal, or written communication sent +to the Licensor or its representatives, including but not limited to +communication on electronic mailing lists, source code control systems, and +issue tracking systems that are managed by, or on behalf of, the Licensor for +the purpose of discussing and improving the Work, but excluding communication +that is conspicuously marked or otherwise designated in writing by the copyright +owner as "Not a Contribution." + +"Contributor" shall mean Licensor and any individual or Legal Entity on behalf +of whom a Contribution has been received by Licensor and subsequently +incorporated within the Work. + +2. Grant of Copyright License. + +Subject to the terms and conditions of this License, each Contributor hereby +grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, +irrevocable copyright license to reproduce, prepare Derivative Works of, +publicly display, publicly perform, sublicense, and distribute the Work and such +Derivative Works in Source or Object form. + +3. Grant of Patent License. + +Subject to the terms and conditions of this License, each Contributor hereby +grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, +irrevocable (except as stated in this section) patent license to make, have +made, use, offer to sell, sell, import, and otherwise transfer the Work, where +such license applies only to those patent claims licensable by such Contributor +that are necessarily infringed by their Contribution(s) alone or by combination +of their Contribution(s) with the Work to which such Contribution(s) was +submitted. If You institute patent litigation against any entity (including a +cross-claim or counterclaim in a lawsuit) alleging that the Work or a +Contribution incorporated within the Work constitutes direct or contributory +patent infringement, then any patent licenses granted to You under this License +for that Work shall terminate as of the date such litigation is filed. + +4. Redistribution. + +You may reproduce and distribute copies of the Work or Derivative Works thereof +in any medium, with or without modifications, and in Source or Object form, +provided that You meet the following conditions: + +You must give any other recipients of the Work or Derivative Works a copy of +this License; and +You must cause any modified files to carry prominent notices stating that You +changed the files; and +You must retain, in the Source form of any Derivative Works that You distribute, +all copyright, patent, trademark, and attribution notices from the Source form +of the Work, excluding those notices that do not pertain to any part of the +Derivative Works; and +If the Work includes a "NOTICE" text file as part of its distribution, then any +Derivative Works that You distribute must include a readable copy of the +attribution notices contained within such NOTICE file, excluding those notices +that do not pertain to any part of the Derivative Works, in at least one of the +following places: within a NOTICE text file distributed as part of the +Derivative Works; within the Source form or documentation, if provided along +with the Derivative Works; or, within a display generated by the Derivative +Works, if and wherever such third-party notices normally appear. The contents of +the NOTICE file are for informational purposes only and do not modify the +License. You may add Your own attribution notices within Derivative Works that +You distribute, alongside or as an addendum to the NOTICE text from the Work, +provided that such additional attribution notices cannot be construed as +modifying the License. +You may add Your own copyright statement to Your modifications and may provide +additional or different license terms and conditions for use, reproduction, or +distribution of Your modifications, or for any such Derivative Works as a whole, +provided Your use, reproduction, and distribution of the Work otherwise complies +with the conditions stated in this License. + +5. Submission of Contributions. + +Unless You explicitly state otherwise, any Contribution intentionally submitted +for inclusion in the Work by You to the Licensor shall be under the terms and +conditions of this License, without any additional terms or conditions. +Notwithstanding the above, nothing herein shall supersede or modify the terms of +any separate license agreement you may have executed with Licensor regarding +such Contributions. + +6. Trademarks. + +This License does not grant permission to use the trade names, trademarks, +service marks, or product names of the Licensor, except as required for +reasonable and customary use in describing the origin of the Work and +reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. + +Unless required by applicable law or agreed to in writing, Licensor provides the +Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, +including, without limitation, any warranties or conditions of TITLE, +NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are +solely responsible for determining the appropriateness of using or +redistributing the Work and assume any risks associated with Your exercise of +permissions under this License. + +8. Limitation of Liability. + +In no event and under no legal theory, whether in tort (including negligence), +contract, or otherwise, unless required by applicable law (such as deliberate +and grossly negligent acts) or agreed to in writing, shall any Contributor be +liable to You for damages, including any direct, indirect, special, incidental, +or consequential damages of any character arising as a result of this License or +out of the use or inability to use the Work (including but not limited to +damages for loss of goodwill, work stoppage, computer failure or malfunction, or +any and all other commercial damages or losses), even if such Contributor has +been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. + +While redistributing the Work or Derivative Works thereof, You may choose to +offer, and charge a fee for, acceptance of support, warranty, indemnity, or +other liability obligations and/or rights consistent with this License. However, +in accepting such obligations, You may act only on Your own behalf and on Your +sole responsibility, not on behalf of any other Contributor, and only if You +agree to indemnify, defend, and hold each Contributor harmless for any liability +incurred by, or claims asserted against, such Contributor by reason of your +accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work + +To apply the Apache License to your work, attach the following boilerplate +notice, with the fields enclosed by brackets "[]" replaced with your own +identifying information. (Don't include the brackets!) The text should be +enclosed in the appropriate comment syntax for the file format. We also +recommend that a file or class name and description of purpose be included on +the same "printed page" as the copyright notice for easier identification within +third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/k8s.io/klog/OWNERS b/vendor/k8s.io/klog/OWNERS new file mode 100644 index 000000000..380e514f2 --- /dev/null +++ b/vendor/k8s.io/klog/OWNERS @@ -0,0 +1,19 @@ +# See the OWNERS docs at https://go.k8s.io/owners +reviewers: + - jayunit100 + - hoegaarden + - andyxning + - neolit123 + - pohly + - yagonobre + - vincepri + - detiber +approvers: + - dims + - thockin + - justinsb + - tallclair + - piosz + - brancz + - DirectXMan12 + - lavalamp diff --git a/vendor/k8s.io/klog/README.md b/vendor/k8s.io/klog/README.md new file mode 100644 index 000000000..841468b4b --- /dev/null +++ b/vendor/k8s.io/klog/README.md @@ -0,0 +1,97 @@ +klog +==== + +klog is a permanent fork of https://github.com/golang/glog. + +## Why was klog created? + +The decision to create klog was one that wasn't made lightly, but it was necessary due to some +drawbacks that are present in [glog](https://github.com/golang/glog). Ultimately, the fork was created due to glog not being under active development; this can be seen in the glog README: + +> The code in this repo [...] is not itself under development + +This makes us unable to solve many use cases without a fork. The factors that contributed to needing feature development are listed below: + + * `glog` [presents a lot "gotchas"](https://github.com/kubernetes/kubernetes/issues/61006) and introduces challenges in containerized environments, all of which aren't well documented. + * `glog` doesn't provide an easy way to test logs, which detracts from the stability of software using it + * A long term goal is to implement a logging interface that allows us to add context, change output format, etc. + +Historical context is available here: + + * https://github.com/kubernetes/kubernetes/issues/61006 + * https://github.com/kubernetes/kubernetes/issues/70264 + * https://groups.google.com/forum/#!msg/kubernetes-sig-architecture/wCWiWf3Juzs/hXRVBH90CgAJ + * https://groups.google.com/forum/#!msg/kubernetes-dev/7vnijOMhLS0/1oRiNtigBgAJ + +---- + +How to use klog +=============== +- Replace imports for `github.com/golang/glog` with `k8s.io/klog` +- Use `klog.InitFlags(nil)` explicitly for initializing global flags as we no longer use `init()` method to register the flags +- You can now use `log-file` instead of `log-dir` for logging to a single file (See `examples/log_file/usage_log_file.go`) +- If you want to redirect everything logged using klog somewhere else (say syslog!), you can use `klog.SetOutput()` method and supply a `io.Writer`. (See `examples/set_output/usage_set_output.go`) +- For more logging conventions (See [Logging Conventions](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md)) + +### Coexisting with glog +This package can be used side by side with glog. [This example](examples/coexist_glog/coexist_glog.go) shows how to initialize and syncronize flags from the global `flag.CommandLine` FlagSet. In addition, the example makes use of stderr as combined output by setting `alsologtostderr` (or `logtostderr`) to `true`. + +## Community, discussion, contribution, and support + +Learn how to engage with the Kubernetes community on the [community page](http://kubernetes.io/community/). + +You can reach the maintainers of this project at: + +- [Slack](https://kubernetes.slack.com/messages/sig-architecture) +- [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-sig-architecture) + +### Code of conduct + +Participation in the Kubernetes community is governed by the [Kubernetes Code of Conduct](code-of-conduct.md). + +---- + +glog +==== + +Leveled execution logs for Go. + +This is an efficient pure Go implementation of leveled logs in the +manner of the open source C++ package + https://github.com/google/glog + +By binding methods to booleans it is possible to use the log package +without paying the expense of evaluating the arguments to the log. +Through the -vmodule flag, the package also provides fine-grained +control over logging at the file level. + +The comment from glog.go introduces the ideas: + + Package glog implements logging analogous to the Google-internal + C++ INFO/ERROR/V setup. It provides functions Info, Warning, + Error, Fatal, plus formatting variants such as Infof. It + also provides V-style logging controlled by the -v and + -vmodule=file=2 flags. + + Basic examples: + + glog.Info("Prepare to repel boarders") + + glog.Fatalf("Initialization failed: %s", err) + + See the documentation for the V function for an explanation + of these examples: + + if glog.V(2) { + glog.Info("Starting transaction...") + } + + glog.V(2).Infoln("Processed", nItems, "elements") + + +The repository contains an open source version of the log package +used inside Google. The master copy of the source lives inside +Google, not here. The code in this repo is for export only and is not itself +under development. Feature requests will be ignored. + +Send bug reports to golang-nuts@googlegroups.com. diff --git a/vendor/k8s.io/klog/RELEASE.md b/vendor/k8s.io/klog/RELEASE.md new file mode 100644 index 000000000..b53eb960c --- /dev/null +++ b/vendor/k8s.io/klog/RELEASE.md @@ -0,0 +1,9 @@ +# Release Process + +The `klog` is released on an as-needed basis. The process is as follows: + +1. An issue is proposing a new release with a changelog since the last release +1. All [OWNERS](OWNERS) must LGTM this release +1. An OWNER runs `git tag -s $VERSION` and inserts the changelog and pushes the tag with `git push $VERSION` +1. The release issue is closed +1. An announcement email is sent to `kubernetes-dev@googlegroups.com` with the subject `[ANNOUNCE] kubernetes-template-project $VERSION is released` diff --git a/vendor/k8s.io/klog/SECURITY_CONTACTS b/vendor/k8s.io/klog/SECURITY_CONTACTS new file mode 100644 index 000000000..6128a5869 --- /dev/null +++ b/vendor/k8s.io/klog/SECURITY_CONTACTS @@ -0,0 +1,20 @@ +# Defined below are the security contacts for this repo. +# +# They are the contact point for the Product Security Committee to reach out +# to for triaging and handling of incoming issues. +# +# The below names agree to abide by the +# [Embargo Policy](https://git.k8s.io/security/private-distributors-list.md#embargo-policy) +# and will be removed and replaced if they violate that agreement. +# +# DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE +# INSTRUCTIONS AT https://kubernetes.io/security/ + +dims +thockin +justinsb +tallclair +piosz +brancz +DirectXMan12 +lavalamp diff --git a/vendor/k8s.io/klog/code-of-conduct.md b/vendor/k8s.io/klog/code-of-conduct.md new file mode 100644 index 000000000..0d15c00cf --- /dev/null +++ b/vendor/k8s.io/klog/code-of-conduct.md @@ -0,0 +1,3 @@ +# Kubernetes Community Code of Conduct + +Please refer to our [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md) diff --git a/vendor/k8s.io/klog/klog.go b/vendor/k8s.io/klog/klog.go new file mode 100644 index 000000000..2712ce0af --- /dev/null +++ b/vendor/k8s.io/klog/klog.go @@ -0,0 +1,1308 @@ +// Go support for leveled logs, analogous to https://code.google.com/p/google-glog/ +// +// Copyright 2013 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package klog implements logging analogous to the Google-internal C++ INFO/ERROR/V setup. +// It provides functions Info, Warning, Error, Fatal, plus formatting variants such as +// Infof. It also provides V-style logging controlled by the -v and -vmodule=file=2 flags. +// +// Basic examples: +// +// klog.Info("Prepare to repel boarders") +// +// klog.Fatalf("Initialization failed: %s", err) +// +// See the documentation for the V function for an explanation of these examples: +// +// if klog.V(2) { +// klog.Info("Starting transaction...") +// } +// +// klog.V(2).Infoln("Processed", nItems, "elements") +// +// Log output is buffered and written periodically using Flush. Programs +// should call Flush before exiting to guarantee all log output is written. +// +// By default, all log statements write to standard error. +// This package provides several flags that modify this behavior. +// As a result, flag.Parse must be called before any logging is done. +// +// -logtostderr=true +// Logs are written to standard error instead of to files. +// -alsologtostderr=false +// Logs are written to standard error as well as to files. +// -stderrthreshold=ERROR +// Log events at or above this severity are logged to standard +// error as well as to files. +// -log_dir="" +// Log files will be written to this directory instead of the +// default temporary directory. +// +// Other flags provide aids to debugging. +// +// -log_backtrace_at="" +// When set to a file and line number holding a logging statement, +// such as +// -log_backtrace_at=gopherflakes.go:234 +// a stack trace will be written to the Info log whenever execution +// hits that statement. (Unlike with -vmodule, the ".go" must be +// present.) +// -v=0 +// Enable V-leveled logging at the specified level. +// -vmodule="" +// The syntax of the argument is a comma-separated list of pattern=N, +// where pattern is a literal file name (minus the ".go" suffix) or +// "glob" pattern and N is a V level. For instance, +// -vmodule=gopher*=3 +// sets the V level to 3 in all Go files whose names begin "gopher". +// +package klog + +import ( + "bufio" + "bytes" + "errors" + "flag" + "fmt" + "io" + stdLog "log" + "math" + "os" + "path/filepath" + "runtime" + "strconv" + "strings" + "sync" + "sync/atomic" + "time" +) + +// severity identifies the sort of log: info, warning etc. It also implements +// the flag.Value interface. The -stderrthreshold flag is of type severity and +// should be modified only through the flag.Value interface. The values match +// the corresponding constants in C++. +type severity int32 // sync/atomic int32 + +// These constants identify the log levels in order of increasing severity. +// A message written to a high-severity log file is also written to each +// lower-severity log file. +const ( + infoLog severity = iota + warningLog + errorLog + fatalLog + numSeverity = 4 +) + +const severityChar = "IWEF" + +var severityName = []string{ + infoLog: "INFO", + warningLog: "WARNING", + errorLog: "ERROR", + fatalLog: "FATAL", +} + +// get returns the value of the severity. +func (s *severity) get() severity { + return severity(atomic.LoadInt32((*int32)(s))) +} + +// set sets the value of the severity. +func (s *severity) set(val severity) { + atomic.StoreInt32((*int32)(s), int32(val)) +} + +// String is part of the flag.Value interface. +func (s *severity) String() string { + return strconv.FormatInt(int64(*s), 10) +} + +// Get is part of the flag.Value interface. +func (s *severity) Get() interface{} { + return *s +} + +// Set is part of the flag.Value interface. +func (s *severity) Set(value string) error { + var threshold severity + // Is it a known name? + if v, ok := severityByName(value); ok { + threshold = v + } else { + v, err := strconv.ParseInt(value, 10, 32) + if err != nil { + return err + } + threshold = severity(v) + } + logging.stderrThreshold.set(threshold) + return nil +} + +func severityByName(s string) (severity, bool) { + s = strings.ToUpper(s) + for i, name := range severityName { + if name == s { + return severity(i), true + } + } + return 0, false +} + +// OutputStats tracks the number of output lines and bytes written. +type OutputStats struct { + lines int64 + bytes int64 +} + +// Lines returns the number of lines written. +func (s *OutputStats) Lines() int64 { + return atomic.LoadInt64(&s.lines) +} + +// Bytes returns the number of bytes written. +func (s *OutputStats) Bytes() int64 { + return atomic.LoadInt64(&s.bytes) +} + +// Stats tracks the number of lines of output and number of bytes +// per severity level. Values must be read with atomic.LoadInt64. +var Stats struct { + Info, Warning, Error OutputStats +} + +var severityStats = [numSeverity]*OutputStats{ + infoLog: &Stats.Info, + warningLog: &Stats.Warning, + errorLog: &Stats.Error, +} + +// Level is exported because it appears in the arguments to V and is +// the type of the v flag, which can be set programmatically. +// It's a distinct type because we want to discriminate it from logType. +// Variables of type level are only changed under logging.mu. +// The -v flag is read only with atomic ops, so the state of the logging +// module is consistent. + +// Level is treated as a sync/atomic int32. + +// Level specifies a level of verbosity for V logs. *Level implements +// flag.Value; the -v flag is of type Level and should be modified +// only through the flag.Value interface. +type Level int32 + +// get returns the value of the Level. +func (l *Level) get() Level { + return Level(atomic.LoadInt32((*int32)(l))) +} + +// set sets the value of the Level. +func (l *Level) set(val Level) { + atomic.StoreInt32((*int32)(l), int32(val)) +} + +// String is part of the flag.Value interface. +func (l *Level) String() string { + return strconv.FormatInt(int64(*l), 10) +} + +// Get is part of the flag.Value interface. +func (l *Level) Get() interface{} { + return *l +} + +// Set is part of the flag.Value interface. +func (l *Level) Set(value string) error { + v, err := strconv.ParseInt(value, 10, 32) + if err != nil { + return err + } + logging.mu.Lock() + defer logging.mu.Unlock() + logging.setVState(Level(v), logging.vmodule.filter, false) + return nil +} + +// moduleSpec represents the setting of the -vmodule flag. +type moduleSpec struct { + filter []modulePat +} + +// modulePat contains a filter for the -vmodule flag. +// It holds a verbosity level and a file pattern to match. +type modulePat struct { + pattern string + literal bool // The pattern is a literal string + level Level +} + +// match reports whether the file matches the pattern. It uses a string +// comparison if the pattern contains no metacharacters. +func (m *modulePat) match(file string) bool { + if m.literal { + return file == m.pattern + } + match, _ := filepath.Match(m.pattern, file) + return match +} + +func (m *moduleSpec) String() string { + // Lock because the type is not atomic. TODO: clean this up. + logging.mu.Lock() + defer logging.mu.Unlock() + var b bytes.Buffer + for i, f := range m.filter { + if i > 0 { + b.WriteRune(',') + } + fmt.Fprintf(&b, "%s=%d", f.pattern, f.level) + } + return b.String() +} + +// Get is part of the (Go 1.2) flag.Getter interface. It always returns nil for this flag type since the +// struct is not exported. +func (m *moduleSpec) Get() interface{} { + return nil +} + +var errVmoduleSyntax = errors.New("syntax error: expect comma-separated list of filename=N") + +// Syntax: -vmodule=recordio=2,file=1,gfs*=3 +func (m *moduleSpec) Set(value string) error { + var filter []modulePat + for _, pat := range strings.Split(value, ",") { + if len(pat) == 0 { + // Empty strings such as from a trailing comma can be ignored. + continue + } + patLev := strings.Split(pat, "=") + if len(patLev) != 2 || len(patLev[0]) == 0 || len(patLev[1]) == 0 { + return errVmoduleSyntax + } + pattern := patLev[0] + v, err := strconv.ParseInt(patLev[1], 10, 32) + if err != nil { + return errors.New("syntax error: expect comma-separated list of filename=N") + } + if v < 0 { + return errors.New("negative value for vmodule level") + } + if v == 0 { + continue // Ignore. It's harmless but no point in paying the overhead. + } + // TODO: check syntax of filter? + filter = append(filter, modulePat{pattern, isLiteral(pattern), Level(v)}) + } + logging.mu.Lock() + defer logging.mu.Unlock() + logging.setVState(logging.verbosity, filter, true) + return nil +} + +// isLiteral reports whether the pattern is a literal string, that is, has no metacharacters +// that require filepath.Match to be called to match the pattern. +func isLiteral(pattern string) bool { + return !strings.ContainsAny(pattern, `\*?[]`) +} + +// traceLocation represents the setting of the -log_backtrace_at flag. +type traceLocation struct { + file string + line int +} + +// isSet reports whether the trace location has been specified. +// logging.mu is held. +func (t *traceLocation) isSet() bool { + return t.line > 0 +} + +// match reports whether the specified file and line matches the trace location. +// The argument file name is the full path, not the basename specified in the flag. +// logging.mu is held. +func (t *traceLocation) match(file string, line int) bool { + if t.line != line { + return false + } + if i := strings.LastIndex(file, "/"); i >= 0 { + file = file[i+1:] + } + return t.file == file +} + +func (t *traceLocation) String() string { + // Lock because the type is not atomic. TODO: clean this up. + logging.mu.Lock() + defer logging.mu.Unlock() + return fmt.Sprintf("%s:%d", t.file, t.line) +} + +// Get is part of the (Go 1.2) flag.Getter interface. It always returns nil for this flag type since the +// struct is not exported +func (t *traceLocation) Get() interface{} { + return nil +} + +var errTraceSyntax = errors.New("syntax error: expect file.go:234") + +// Syntax: -log_backtrace_at=gopherflakes.go:234 +// Note that unlike vmodule the file extension is included here. +func (t *traceLocation) Set(value string) error { + if value == "" { + // Unset. + t.line = 0 + t.file = "" + } + fields := strings.Split(value, ":") + if len(fields) != 2 { + return errTraceSyntax + } + file, line := fields[0], fields[1] + if !strings.Contains(file, ".") { + return errTraceSyntax + } + v, err := strconv.Atoi(line) + if err != nil { + return errTraceSyntax + } + if v <= 0 { + return errors.New("negative or zero value for level") + } + logging.mu.Lock() + defer logging.mu.Unlock() + t.line = v + t.file = file + return nil +} + +// flushSyncWriter is the interface satisfied by logging destinations. +type flushSyncWriter interface { + Flush() error + Sync() error + io.Writer +} + +// init sets up the defaults and runs flushDaemon. +func init() { + logging.stderrThreshold = errorLog // Default stderrThreshold is ERROR. + logging.setVState(0, nil, false) + logging.logDir = "" + logging.logFile = "" + logging.logFileMaxSizeMB = 1800 + logging.toStderr = true + logging.alsoToStderr = false + logging.skipHeaders = false + logging.addDirHeader = false + logging.skipLogHeaders = false + go logging.flushDaemon() +} + +// InitFlags is for explicitly initializing the flags. +func InitFlags(flagset *flag.FlagSet) { + if flagset == nil { + flagset = flag.CommandLine + } + + flagset.StringVar(&logging.logDir, "log_dir", logging.logDir, "If non-empty, write log files in this directory") + flagset.StringVar(&logging.logFile, "log_file", logging.logFile, "If non-empty, use this log file") + flagset.Uint64Var(&logging.logFileMaxSizeMB, "log_file_max_size", logging.logFileMaxSizeMB, + "Defines the maximum size a log file can grow to. Unit is megabytes. "+ + "If the value is 0, the maximum file size is unlimited.") + flagset.BoolVar(&logging.toStderr, "logtostderr", logging.toStderr, "log to standard error instead of files") + flagset.BoolVar(&logging.alsoToStderr, "alsologtostderr", logging.alsoToStderr, "log to standard error as well as files") + flagset.Var(&logging.verbosity, "v", "number for the log level verbosity") + flagset.BoolVar(&logging.skipHeaders, "add_dir_header", logging.addDirHeader, "If true, adds the file directory to the header") + flagset.BoolVar(&logging.skipHeaders, "skip_headers", logging.skipHeaders, "If true, avoid header prefixes in the log messages") + flagset.BoolVar(&logging.skipLogHeaders, "skip_log_headers", logging.skipLogHeaders, "If true, avoid headers when opening log files") + flagset.Var(&logging.stderrThreshold, "stderrthreshold", "logs at or above this threshold go to stderr") + flagset.Var(&logging.vmodule, "vmodule", "comma-separated list of pattern=N settings for file-filtered logging") + flagset.Var(&logging.traceLocation, "log_backtrace_at", "when logging hits line file:N, emit a stack trace") +} + +// Flush flushes all pending log I/O. +func Flush() { + logging.lockAndFlushAll() +} + +// loggingT collects all the global state of the logging setup. +type loggingT struct { + // Boolean flags. Not handled atomically because the flag.Value interface + // does not let us avoid the =true, and that shorthand is necessary for + // compatibility. TODO: does this matter enough to fix? Seems unlikely. + toStderr bool // The -logtostderr flag. + alsoToStderr bool // The -alsologtostderr flag. + + // Level flag. Handled atomically. + stderrThreshold severity // The -stderrthreshold flag. + + // freeList is a list of byte buffers, maintained under freeListMu. + freeList *buffer + // freeListMu maintains the free list. It is separate from the main mutex + // so buffers can be grabbed and printed to without holding the main lock, + // for better parallelization. + freeListMu sync.Mutex + + // mu protects the remaining elements of this structure and is + // used to synchronize logging. + mu sync.Mutex + // file holds writer for each of the log types. + file [numSeverity]flushSyncWriter + // pcs is used in V to avoid an allocation when computing the caller's PC. + pcs [1]uintptr + // vmap is a cache of the V Level for each V() call site, identified by PC. + // It is wiped whenever the vmodule flag changes state. + vmap map[uintptr]Level + // filterLength stores the length of the vmodule filter chain. If greater + // than zero, it means vmodule is enabled. It may be read safely + // using sync.LoadInt32, but is only modified under mu. + filterLength int32 + // traceLocation is the state of the -log_backtrace_at flag. + traceLocation traceLocation + // These flags are modified only under lock, although verbosity may be fetched + // safely using atomic.LoadInt32. + vmodule moduleSpec // The state of the -vmodule flag. + verbosity Level // V logging level, the value of the -v flag/ + + // If non-empty, overrides the choice of directory in which to write logs. + // See createLogDirs for the full list of possible destinations. + logDir string + + // If non-empty, specifies the path of the file to write logs. mutually exclusive + // with the log-dir option. + logFile string + + // When logFile is specified, this limiter makes sure the logFile won't exceeds a certain size. When exceeds, the + // logFile will be cleaned up. If this value is 0, no size limitation will be applied to logFile. + logFileMaxSizeMB uint64 + + // If true, do not add the prefix headers, useful when used with SetOutput + skipHeaders bool + + // If true, do not add the headers to log files + skipLogHeaders bool + + // If true, add the file directory to the header + addDirHeader bool +} + +// buffer holds a byte Buffer for reuse. The zero value is ready for use. +type buffer struct { + bytes.Buffer + tmp [64]byte // temporary byte array for creating headers. + next *buffer +} + +var logging loggingT + +// setVState sets a consistent state for V logging. +// l.mu is held. +func (l *loggingT) setVState(verbosity Level, filter []modulePat, setFilter bool) { + // Turn verbosity off so V will not fire while we are in transition. + logging.verbosity.set(0) + // Ditto for filter length. + atomic.StoreInt32(&logging.filterLength, 0) + + // Set the new filters and wipe the pc->Level map if the filter has changed. + if setFilter { + logging.vmodule.filter = filter + logging.vmap = make(map[uintptr]Level) + } + + // Things are consistent now, so enable filtering and verbosity. + // They are enabled in order opposite to that in V. + atomic.StoreInt32(&logging.filterLength, int32(len(filter))) + logging.verbosity.set(verbosity) +} + +// getBuffer returns a new, ready-to-use buffer. +func (l *loggingT) getBuffer() *buffer { + l.freeListMu.Lock() + b := l.freeList + if b != nil { + l.freeList = b.next + } + l.freeListMu.Unlock() + if b == nil { + b = new(buffer) + } else { + b.next = nil + b.Reset() + } + return b +} + +// putBuffer returns a buffer to the free list. +func (l *loggingT) putBuffer(b *buffer) { + if b.Len() >= 256 { + // Let big buffers die a natural death. + return + } + l.freeListMu.Lock() + b.next = l.freeList + l.freeList = b + l.freeListMu.Unlock() +} + +var timeNow = time.Now // Stubbed out for testing. + +/* +header formats a log header as defined by the C++ implementation. +It returns a buffer containing the formatted header and the user's file and line number. +The depth specifies how many stack frames above lives the source line to be identified in the log message. + +Log lines have this form: + Lmmdd hh:mm:ss.uuuuuu threadid file:line] msg... +where the fields are defined as follows: + L A single character, representing the log level (eg 'I' for INFO) + mm The month (zero padded; ie May is '05') + dd The day (zero padded) + hh:mm:ss.uuuuuu Time in hours, minutes and fractional seconds + threadid The space-padded thread ID as returned by GetTID() + file The file name + line The line number + msg The user-supplied message +*/ +func (l *loggingT) header(s severity, depth int) (*buffer, string, int) { + _, file, line, ok := runtime.Caller(3 + depth) + if !ok { + file = "???" + line = 1 + } else { + if slash := strings.LastIndex(file, "/"); slash >= 0 { + path := file + file = path[slash+1:] + if l.addDirHeader { + if dirsep := strings.LastIndex(path[:slash], "/"); dirsep >= 0 { + file = path[dirsep+1:] + } + } + } + } + return l.formatHeader(s, file, line), file, line +} + +// formatHeader formats a log header using the provided file name and line number. +func (l *loggingT) formatHeader(s severity, file string, line int) *buffer { + now := timeNow() + if line < 0 { + line = 0 // not a real line number, but acceptable to someDigits + } + if s > fatalLog { + s = infoLog // for safety. + } + buf := l.getBuffer() + if l.skipHeaders { + return buf + } + + // Avoid Fprintf, for speed. The format is so simple that we can do it quickly by hand. + // It's worth about 3X. Fprintf is hard. + _, month, day := now.Date() + hour, minute, second := now.Clock() + // Lmmdd hh:mm:ss.uuuuuu threadid file:line] + buf.tmp[0] = severityChar[s] + buf.twoDigits(1, int(month)) + buf.twoDigits(3, day) + buf.tmp[5] = ' ' + buf.twoDigits(6, hour) + buf.tmp[8] = ':' + buf.twoDigits(9, minute) + buf.tmp[11] = ':' + buf.twoDigits(12, second) + buf.tmp[14] = '.' + buf.nDigits(6, 15, now.Nanosecond()/1000, '0') + buf.tmp[21] = ' ' + buf.nDigits(7, 22, pid, ' ') // TODO: should be TID + buf.tmp[29] = ' ' + buf.Write(buf.tmp[:30]) + buf.WriteString(file) + buf.tmp[0] = ':' + n := buf.someDigits(1, line) + buf.tmp[n+1] = ']' + buf.tmp[n+2] = ' ' + buf.Write(buf.tmp[:n+3]) + return buf +} + +// Some custom tiny helper functions to print the log header efficiently. + +const digits = "0123456789" + +// twoDigits formats a zero-prefixed two-digit integer at buf.tmp[i]. +func (buf *buffer) twoDigits(i, d int) { + buf.tmp[i+1] = digits[d%10] + d /= 10 + buf.tmp[i] = digits[d%10] +} + +// nDigits formats an n-digit integer at buf.tmp[i], +// padding with pad on the left. +// It assumes d >= 0. +func (buf *buffer) nDigits(n, i, d int, pad byte) { + j := n - 1 + for ; j >= 0 && d > 0; j-- { + buf.tmp[i+j] = digits[d%10] + d /= 10 + } + for ; j >= 0; j-- { + buf.tmp[i+j] = pad + } +} + +// someDigits formats a zero-prefixed variable-width integer at buf.tmp[i]. +func (buf *buffer) someDigits(i, d int) int { + // Print into the top, then copy down. We know there's space for at least + // a 10-digit number. + j := len(buf.tmp) + for { + j-- + buf.tmp[j] = digits[d%10] + d /= 10 + if d == 0 { + break + } + } + return copy(buf.tmp[i:], buf.tmp[j:]) +} + +func (l *loggingT) println(s severity, args ...interface{}) { + buf, file, line := l.header(s, 0) + fmt.Fprintln(buf, args...) + l.output(s, buf, file, line, false) +} + +func (l *loggingT) print(s severity, args ...interface{}) { + l.printDepth(s, 1, args...) +} + +func (l *loggingT) printDepth(s severity, depth int, args ...interface{}) { + buf, file, line := l.header(s, depth) + fmt.Fprint(buf, args...) + if buf.Bytes()[buf.Len()-1] != '\n' { + buf.WriteByte('\n') + } + l.output(s, buf, file, line, false) +} + +func (l *loggingT) printf(s severity, format string, args ...interface{}) { + buf, file, line := l.header(s, 0) + fmt.Fprintf(buf, format, args...) + if buf.Bytes()[buf.Len()-1] != '\n' { + buf.WriteByte('\n') + } + l.output(s, buf, file, line, false) +} + +// printWithFileLine behaves like print but uses the provided file and line number. If +// alsoLogToStderr is true, the log message always appears on standard error; it +// will also appear in the log file unless --logtostderr is set. +func (l *loggingT) printWithFileLine(s severity, file string, line int, alsoToStderr bool, args ...interface{}) { + buf := l.formatHeader(s, file, line) + fmt.Fprint(buf, args...) + if buf.Bytes()[buf.Len()-1] != '\n' { + buf.WriteByte('\n') + } + l.output(s, buf, file, line, alsoToStderr) +} + +// redirectBuffer is used to set an alternate destination for the logs +type redirectBuffer struct { + w io.Writer +} + +func (rb *redirectBuffer) Sync() error { + return nil +} + +func (rb *redirectBuffer) Flush() error { + return nil +} + +func (rb *redirectBuffer) Write(bytes []byte) (n int, err error) { + return rb.w.Write(bytes) +} + +// SetOutput sets the output destination for all severities +func SetOutput(w io.Writer) { + logging.mu.Lock() + defer logging.mu.Unlock() + for s := fatalLog; s >= infoLog; s-- { + rb := &redirectBuffer{ + w: w, + } + logging.file[s] = rb + } +} + +// SetOutputBySeverity sets the output destination for specific severity +func SetOutputBySeverity(name string, w io.Writer) { + logging.mu.Lock() + defer logging.mu.Unlock() + sev, ok := severityByName(name) + if !ok { + panic(fmt.Sprintf("SetOutputBySeverity(%q): unrecognized severity name", name)) + } + rb := &redirectBuffer{ + w: w, + } + logging.file[sev] = rb +} + +// output writes the data to the log files and releases the buffer. +func (l *loggingT) output(s severity, buf *buffer, file string, line int, alsoToStderr bool) { + l.mu.Lock() + if l.traceLocation.isSet() { + if l.traceLocation.match(file, line) { + buf.Write(stacks(false)) + } + } + data := buf.Bytes() + if l.toStderr { + os.Stderr.Write(data) + } else { + if alsoToStderr || l.alsoToStderr || s >= l.stderrThreshold.get() { + os.Stderr.Write(data) + } + + if logging.logFile != "" { + // Since we are using a single log file, all of the items in l.file array + // will point to the same file, so just use one of them to write data. + if l.file[infoLog] == nil { + if err := l.createFiles(infoLog); err != nil { + os.Stderr.Write(data) // Make sure the message appears somewhere. + l.exit(err) + } + } + l.file[infoLog].Write(data) + } else { + if l.file[s] == nil { + if err := l.createFiles(s); err != nil { + os.Stderr.Write(data) // Make sure the message appears somewhere. + l.exit(err) + } + } + + switch s { + case fatalLog: + l.file[fatalLog].Write(data) + fallthrough + case errorLog: + l.file[errorLog].Write(data) + fallthrough + case warningLog: + l.file[warningLog].Write(data) + fallthrough + case infoLog: + l.file[infoLog].Write(data) + } + } + } + if s == fatalLog { + // If we got here via Exit rather than Fatal, print no stacks. + if atomic.LoadUint32(&fatalNoStacks) > 0 { + l.mu.Unlock() + timeoutFlush(10 * time.Second) + os.Exit(1) + } + // Dump all goroutine stacks before exiting. + // First, make sure we see the trace for the current goroutine on standard error. + // If -logtostderr has been specified, the loop below will do that anyway + // as the first stack in the full dump. + if !l.toStderr { + os.Stderr.Write(stacks(false)) + } + // Write the stack trace for all goroutines to the files. + trace := stacks(true) + logExitFunc = func(error) {} // If we get a write error, we'll still exit below. + for log := fatalLog; log >= infoLog; log-- { + if f := l.file[log]; f != nil { // Can be nil if -logtostderr is set. + f.Write(trace) + } + } + l.mu.Unlock() + timeoutFlush(10 * time.Second) + os.Exit(255) // C++ uses -1, which is silly because it's anded with 255 anyway. + } + l.putBuffer(buf) + l.mu.Unlock() + if stats := severityStats[s]; stats != nil { + atomic.AddInt64(&stats.lines, 1) + atomic.AddInt64(&stats.bytes, int64(len(data))) + } +} + +// timeoutFlush calls Flush and returns when it completes or after timeout +// elapses, whichever happens first. This is needed because the hooks invoked +// by Flush may deadlock when klog.Fatal is called from a hook that holds +// a lock. +func timeoutFlush(timeout time.Duration) { + done := make(chan bool, 1) + go func() { + Flush() // calls logging.lockAndFlushAll() + done <- true + }() + select { + case <-done: + case <-time.After(timeout): + fmt.Fprintln(os.Stderr, "klog: Flush took longer than", timeout) + } +} + +// stacks is a wrapper for runtime.Stack that attempts to recover the data for all goroutines. +func stacks(all bool) []byte { + // We don't know how big the traces are, so grow a few times if they don't fit. Start large, though. + n := 10000 + if all { + n = 100000 + } + var trace []byte + for i := 0; i < 5; i++ { + trace = make([]byte, n) + nbytes := runtime.Stack(trace, all) + if nbytes < len(trace) { + return trace[:nbytes] + } + n *= 2 + } + return trace +} + +// logExitFunc provides a simple mechanism to override the default behavior +// of exiting on error. Used in testing and to guarantee we reach a required exit +// for fatal logs. Instead, exit could be a function rather than a method but that +// would make its use clumsier. +var logExitFunc func(error) + +// exit is called if there is trouble creating or writing log files. +// It flushes the logs and exits the program; there's no point in hanging around. +// l.mu is held. +func (l *loggingT) exit(err error) { + fmt.Fprintf(os.Stderr, "log: exiting because of error: %s\n", err) + // If logExitFunc is set, we do that instead of exiting. + if logExitFunc != nil { + logExitFunc(err) + return + } + l.flushAll() + os.Exit(2) +} + +// syncBuffer joins a bufio.Writer to its underlying file, providing access to the +// file's Sync method and providing a wrapper for the Write method that provides log +// file rotation. There are conflicting methods, so the file cannot be embedded. +// l.mu is held for all its methods. +type syncBuffer struct { + logger *loggingT + *bufio.Writer + file *os.File + sev severity + nbytes uint64 // The number of bytes written to this file + maxbytes uint64 // The max number of bytes this syncBuffer.file can hold before cleaning up. +} + +func (sb *syncBuffer) Sync() error { + return sb.file.Sync() +} + +// CalculateMaxSize returns the real max size in bytes after considering the default max size and the flag options. +func CalculateMaxSize() uint64 { + if logging.logFile != "" { + if logging.logFileMaxSizeMB == 0 { + // If logFileMaxSizeMB is zero, we don't have limitations on the log size. + return math.MaxUint64 + } + // Flag logFileMaxSizeMB is in MB for user convenience. + return logging.logFileMaxSizeMB * 1024 * 1024 + } + // If "log_file" flag is not specified, the target file (sb.file) will be cleaned up when reaches a fixed size. + return MaxSize +} + +func (sb *syncBuffer) Write(p []byte) (n int, err error) { + if sb.nbytes+uint64(len(p)) >= sb.maxbytes { + if err := sb.rotateFile(time.Now(), false); err != nil { + sb.logger.exit(err) + } + } + n, err = sb.Writer.Write(p) + sb.nbytes += uint64(n) + if err != nil { + sb.logger.exit(err) + } + return +} + +// rotateFile closes the syncBuffer's file and starts a new one. +// The startup argument indicates whether this is the initial startup of klog. +// If startup is true, existing files are opened for appending instead of truncated. +func (sb *syncBuffer) rotateFile(now time.Time, startup bool) error { + if sb.file != nil { + sb.Flush() + sb.file.Close() + } + var err error + sb.file, _, err = create(severityName[sb.sev], now, startup) + sb.nbytes = 0 + if err != nil { + return err + } + + sb.Writer = bufio.NewWriterSize(sb.file, bufferSize) + + if sb.logger.skipLogHeaders { + return nil + } + + // Write header. + var buf bytes.Buffer + fmt.Fprintf(&buf, "Log file created at: %s\n", now.Format("2006/01/02 15:04:05")) + fmt.Fprintf(&buf, "Running on machine: %s\n", host) + fmt.Fprintf(&buf, "Binary: Built with %s %s for %s/%s\n", runtime.Compiler, runtime.Version(), runtime.GOOS, runtime.GOARCH) + fmt.Fprintf(&buf, "Log line format: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg\n") + n, err := sb.file.Write(buf.Bytes()) + sb.nbytes += uint64(n) + return err +} + +// bufferSize sizes the buffer associated with each log file. It's large +// so that log records can accumulate without the logging thread blocking +// on disk I/O. The flushDaemon will block instead. +const bufferSize = 256 * 1024 + +// createFiles creates all the log files for severity from sev down to infoLog. +// l.mu is held. +func (l *loggingT) createFiles(sev severity) error { + now := time.Now() + // Files are created in decreasing severity order, so as soon as we find one + // has already been created, we can stop. + for s := sev; s >= infoLog && l.file[s] == nil; s-- { + sb := &syncBuffer{ + logger: l, + sev: s, + maxbytes: CalculateMaxSize(), + } + if err := sb.rotateFile(now, true); err != nil { + return err + } + l.file[s] = sb + } + return nil +} + +const flushInterval = 5 * time.Second + +// flushDaemon periodically flushes the log file buffers. +func (l *loggingT) flushDaemon() { + for range time.NewTicker(flushInterval).C { + l.lockAndFlushAll() + } +} + +// lockAndFlushAll is like flushAll but locks l.mu first. +func (l *loggingT) lockAndFlushAll() { + l.mu.Lock() + l.flushAll() + l.mu.Unlock() +} + +// flushAll flushes all the logs and attempts to "sync" their data to disk. +// l.mu is held. +func (l *loggingT) flushAll() { + // Flush from fatal down, in case there's trouble flushing. + for s := fatalLog; s >= infoLog; s-- { + file := l.file[s] + if file != nil { + file.Flush() // ignore error + file.Sync() // ignore error + } + } +} + +// CopyStandardLogTo arranges for messages written to the Go "log" package's +// default logs to also appear in the Google logs for the named and lower +// severities. Subsequent changes to the standard log's default output location +// or format may break this behavior. +// +// Valid names are "INFO", "WARNING", "ERROR", and "FATAL". If the name is not +// recognized, CopyStandardLogTo panics. +func CopyStandardLogTo(name string) { + sev, ok := severityByName(name) + if !ok { + panic(fmt.Sprintf("log.CopyStandardLogTo(%q): unrecognized severity name", name)) + } + // Set a log format that captures the user's file and line: + // d.go:23: message + stdLog.SetFlags(stdLog.Lshortfile) + stdLog.SetOutput(logBridge(sev)) +} + +// logBridge provides the Write method that enables CopyStandardLogTo to connect +// Go's standard logs to the logs provided by this package. +type logBridge severity + +// Write parses the standard logging line and passes its components to the +// logger for severity(lb). +func (lb logBridge) Write(b []byte) (n int, err error) { + var ( + file = "???" + line = 1 + text string + ) + // Split "d.go:23: message" into "d.go", "23", and "message". + if parts := bytes.SplitN(b, []byte{':'}, 3); len(parts) != 3 || len(parts[0]) < 1 || len(parts[2]) < 1 { + text = fmt.Sprintf("bad log format: %s", b) + } else { + file = string(parts[0]) + text = string(parts[2][1:]) // skip leading space + line, err = strconv.Atoi(string(parts[1])) + if err != nil { + text = fmt.Sprintf("bad line number: %s", b) + line = 1 + } + } + // printWithFileLine with alsoToStderr=true, so standard log messages + // always appear on standard error. + logging.printWithFileLine(severity(lb), file, line, true, text) + return len(b), nil +} + +// setV computes and remembers the V level for a given PC +// when vmodule is enabled. +// File pattern matching takes the basename of the file, stripped +// of its .go suffix, and uses filepath.Match, which is a little more +// general than the *? matching used in C++. +// l.mu is held. +func (l *loggingT) setV(pc uintptr) Level { + fn := runtime.FuncForPC(pc) + file, _ := fn.FileLine(pc) + // The file is something like /a/b/c/d.go. We want just the d. + if strings.HasSuffix(file, ".go") { + file = file[:len(file)-3] + } + if slash := strings.LastIndex(file, "/"); slash >= 0 { + file = file[slash+1:] + } + for _, filter := range l.vmodule.filter { + if filter.match(file) { + l.vmap[pc] = filter.level + return filter.level + } + } + l.vmap[pc] = 0 + return 0 +} + +// Verbose is a boolean type that implements Infof (like Printf) etc. +// See the documentation of V for more information. +type Verbose bool + +// V reports whether verbosity at the call site is at least the requested level. +// The returned value is a boolean of type Verbose, which implements Info, Infoln +// and Infof. These methods will write to the Info log if called. +// Thus, one may write either +// if klog.V(2) { klog.Info("log this") } +// or +// klog.V(2).Info("log this") +// The second form is shorter but the first is cheaper if logging is off because it does +// not evaluate its arguments. +// +// Whether an individual call to V generates a log record depends on the setting of +// the -v and --vmodule flags; both are off by default. If the level in the call to +// V is at least the value of -v, or of -vmodule for the source file containing the +// call, the V call will log. +func V(level Level) Verbose { + // This function tries hard to be cheap unless there's work to do. + // The fast path is two atomic loads and compares. + + // Here is a cheap but safe test to see if V logging is enabled globally. + if logging.verbosity.get() >= level { + return Verbose(true) + } + + // It's off globally but it vmodule may still be set. + // Here is another cheap but safe test to see if vmodule is enabled. + if atomic.LoadInt32(&logging.filterLength) > 0 { + // Now we need a proper lock to use the logging structure. The pcs field + // is shared so we must lock before accessing it. This is fairly expensive, + // but if V logging is enabled we're slow anyway. + logging.mu.Lock() + defer logging.mu.Unlock() + if runtime.Callers(2, logging.pcs[:]) == 0 { + return Verbose(false) + } + v, ok := logging.vmap[logging.pcs[0]] + if !ok { + v = logging.setV(logging.pcs[0]) + } + return Verbose(v >= level) + } + return Verbose(false) +} + +// Info is equivalent to the global Info function, guarded by the value of v. +// See the documentation of V for usage. +func (v Verbose) Info(args ...interface{}) { + if v { + logging.print(infoLog, args...) + } +} + +// Infoln is equivalent to the global Infoln function, guarded by the value of v. +// See the documentation of V for usage. +func (v Verbose) Infoln(args ...interface{}) { + if v { + logging.println(infoLog, args...) + } +} + +// Infof is equivalent to the global Infof function, guarded by the value of v. +// See the documentation of V for usage. +func (v Verbose) Infof(format string, args ...interface{}) { + if v { + logging.printf(infoLog, format, args...) + } +} + +// Info logs to the INFO log. +// Arguments are handled in the manner of fmt.Print; a newline is appended if missing. +func Info(args ...interface{}) { + logging.print(infoLog, args...) +} + +// InfoDepth acts as Info but uses depth to determine which call frame to log. +// InfoDepth(0, "msg") is the same as Info("msg"). +func InfoDepth(depth int, args ...interface{}) { + logging.printDepth(infoLog, depth, args...) +} + +// Infoln logs to the INFO log. +// Arguments are handled in the manner of fmt.Println; a newline is always appended. +func Infoln(args ...interface{}) { + logging.println(infoLog, args...) +} + +// Infof logs to the INFO log. +// Arguments are handled in the manner of fmt.Printf; a newline is appended if missing. +func Infof(format string, args ...interface{}) { + logging.printf(infoLog, format, args...) +} + +// Warning logs to the WARNING and INFO logs. +// Arguments are handled in the manner of fmt.Print; a newline is appended if missing. +func Warning(args ...interface{}) { + logging.print(warningLog, args...) +} + +// WarningDepth acts as Warning but uses depth to determine which call frame to log. +// WarningDepth(0, "msg") is the same as Warning("msg"). +func WarningDepth(depth int, args ...interface{}) { + logging.printDepth(warningLog, depth, args...) +} + +// Warningln logs to the WARNING and INFO logs. +// Arguments are handled in the manner of fmt.Println; a newline is always appended. +func Warningln(args ...interface{}) { + logging.println(warningLog, args...) +} + +// Warningf logs to the WARNING and INFO logs. +// Arguments are handled in the manner of fmt.Printf; a newline is appended if missing. +func Warningf(format string, args ...interface{}) { + logging.printf(warningLog, format, args...) +} + +// Error logs to the ERROR, WARNING, and INFO logs. +// Arguments are handled in the manner of fmt.Print; a newline is appended if missing. +func Error(args ...interface{}) { + logging.print(errorLog, args...) +} + +// ErrorDepth acts as Error but uses depth to determine which call frame to log. +// ErrorDepth(0, "msg") is the same as Error("msg"). +func ErrorDepth(depth int, args ...interface{}) { + logging.printDepth(errorLog, depth, args...) +} + +// Errorln logs to the ERROR, WARNING, and INFO logs. +// Arguments are handled in the manner of fmt.Println; a newline is always appended. +func Errorln(args ...interface{}) { + logging.println(errorLog, args...) +} + +// Errorf logs to the ERROR, WARNING, and INFO logs. +// Arguments are handled in the manner of fmt.Printf; a newline is appended if missing. +func Errorf(format string, args ...interface{}) { + logging.printf(errorLog, format, args...) +} + +// Fatal logs to the FATAL, ERROR, WARNING, and INFO logs, +// including a stack trace of all running goroutines, then calls os.Exit(255). +// Arguments are handled in the manner of fmt.Print; a newline is appended if missing. +func Fatal(args ...interface{}) { + logging.print(fatalLog, args...) +} + +// FatalDepth acts as Fatal but uses depth to determine which call frame to log. +// FatalDepth(0, "msg") is the same as Fatal("msg"). +func FatalDepth(depth int, args ...interface{}) { + logging.printDepth(fatalLog, depth, args...) +} + +// Fatalln logs to the FATAL, ERROR, WARNING, and INFO logs, +// including a stack trace of all running goroutines, then calls os.Exit(255). +// Arguments are handled in the manner of fmt.Println; a newline is always appended. +func Fatalln(args ...interface{}) { + logging.println(fatalLog, args...) +} + +// Fatalf logs to the FATAL, ERROR, WARNING, and INFO logs, +// including a stack trace of all running goroutines, then calls os.Exit(255). +// Arguments are handled in the manner of fmt.Printf; a newline is appended if missing. +func Fatalf(format string, args ...interface{}) { + logging.printf(fatalLog, format, args...) +} + +// fatalNoStacks is non-zero if we are to exit without dumping goroutine stacks. +// It allows Exit and relatives to use the Fatal logs. +var fatalNoStacks uint32 + +// Exit logs to the FATAL, ERROR, WARNING, and INFO logs, then calls os.Exit(1). +// Arguments are handled in the manner of fmt.Print; a newline is appended if missing. +func Exit(args ...interface{}) { + atomic.StoreUint32(&fatalNoStacks, 1) + logging.print(fatalLog, args...) +} + +// ExitDepth acts as Exit but uses depth to determine which call frame to log. +// ExitDepth(0, "msg") is the same as Exit("msg"). +func ExitDepth(depth int, args ...interface{}) { + atomic.StoreUint32(&fatalNoStacks, 1) + logging.printDepth(fatalLog, depth, args...) +} + +// Exitln logs to the FATAL, ERROR, WARNING, and INFO logs, then calls os.Exit(1). +func Exitln(args ...interface{}) { + atomic.StoreUint32(&fatalNoStacks, 1) + logging.println(fatalLog, args...) +} + +// Exitf logs to the FATAL, ERROR, WARNING, and INFO logs, then calls os.Exit(1). +// Arguments are handled in the manner of fmt.Printf; a newline is appended if missing. +func Exitf(format string, args ...interface{}) { + atomic.StoreUint32(&fatalNoStacks, 1) + logging.printf(fatalLog, format, args...) +} diff --git a/vendor/k8s.io/klog/klog_file.go b/vendor/k8s.io/klog/klog_file.go new file mode 100644 index 000000000..e4010ad4d --- /dev/null +++ b/vendor/k8s.io/klog/klog_file.go @@ -0,0 +1,139 @@ +// Go support for leveled logs, analogous to https://code.google.com/p/google-glog/ +// +// Copyright 2013 Google Inc. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// File I/O for logs. + +package klog + +import ( + "errors" + "fmt" + "os" + "os/user" + "path/filepath" + "strings" + "sync" + "time" +) + +// MaxSize is the maximum size of a log file in bytes. +var MaxSize uint64 = 1024 * 1024 * 1800 + +// logDirs lists the candidate directories for new log files. +var logDirs []string + +func createLogDirs() { + if logging.logDir != "" { + logDirs = append(logDirs, logging.logDir) + } + logDirs = append(logDirs, os.TempDir()) +} + +var ( + pid = os.Getpid() + program = filepath.Base(os.Args[0]) + host = "unknownhost" + userName = "unknownuser" +) + +func init() { + h, err := os.Hostname() + if err == nil { + host = shortHostname(h) + } + + current, err := user.Current() + if err == nil { + userName = current.Username + } + + // Sanitize userName since it may contain filepath separators on Windows. + userName = strings.Replace(userName, `\`, "_", -1) +} + +// shortHostname returns its argument, truncating at the first period. +// For instance, given "www.google.com" it returns "www". +func shortHostname(hostname string) string { + if i := strings.Index(hostname, "."); i >= 0 { + return hostname[:i] + } + return hostname +} + +// logName returns a new log file name containing tag, with start time t, and +// the name for the symlink for tag. +func logName(tag string, t time.Time) (name, link string) { + name = fmt.Sprintf("%s.%s.%s.log.%s.%04d%02d%02d-%02d%02d%02d.%d", + program, + host, + userName, + tag, + t.Year(), + t.Month(), + t.Day(), + t.Hour(), + t.Minute(), + t.Second(), + pid) + return name, program + "." + tag +} + +var onceLogDirs sync.Once + +// create creates a new log file and returns the file and its filename, which +// contains tag ("INFO", "FATAL", etc.) and t. If the file is created +// successfully, create also attempts to update the symlink for that tag, ignoring +// errors. +// The startup argument indicates whether this is the initial startup of klog. +// If startup is true, existing files are opened for appending instead of truncated. +func create(tag string, t time.Time, startup bool) (f *os.File, filename string, err error) { + if logging.logFile != "" { + f, err := openOrCreate(logging.logFile, startup) + if err == nil { + return f, logging.logFile, nil + } + return nil, "", fmt.Errorf("log: unable to create log: %v", err) + } + onceLogDirs.Do(createLogDirs) + if len(logDirs) == 0 { + return nil, "", errors.New("log: no log dirs") + } + name, link := logName(tag, t) + var lastErr error + for _, dir := range logDirs { + fname := filepath.Join(dir, name) + f, err := openOrCreate(fname, startup) + if err == nil { + symlink := filepath.Join(dir, link) + os.Remove(symlink) // ignore err + os.Symlink(name, symlink) // ignore err + return f, fname, nil + } + lastErr = err + } + return nil, "", fmt.Errorf("log: cannot create log: %v", lastErr) +} + +// The startup argument indicates whether this is the initial startup of klog. +// If startup is true, existing files are opened for appending instead of truncated. +func openOrCreate(name string, startup bool) (*os.File, error) { + if startup { + f, err := os.OpenFile(name, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0666) + return f, err + } + f, err := os.Create(name) + return f, err +} diff --git a/vendor/modules.txt b/vendor/modules.txt index c82286650..b9c9d838f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1,6 +1,9 @@ # github.com/beorn7/perks v1.0.1 ## explicit; go 1.11 github.com/beorn7/perks/quantile +# github.com/bpfman/bpfman-operator v0.5.5-0.20241023163832-0bf84bbd3927 +## explicit; go 1.22.0 +github.com/bpfman/bpfman-operator/apis/v1alpha1 # github.com/cespare/xxhash/v2 v2.3.0 ## explicit; go 1.11 github.com/cespare/xxhash/v2 @@ -281,7 +284,7 @@ golang.org/x/text/secure/bidirule golang.org/x/text/transform golang.org/x/text/unicode/bidi golang.org/x/text/unicode/norm -# golang.org/x/time v0.5.0 +# golang.org/x/time v0.6.0 ## explicit; go 1.18 golang.org/x/time/rate # golang.org/x/tools v0.26.0 @@ -800,6 +803,9 @@ k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/watchlist k8s.io/client-go/util/workqueue +# k8s.io/klog v1.0.0 +## explicit; go 1.12 +k8s.io/klog # k8s.io/klog/v2 v2.130.1 ## explicit; go 1.18 k8s.io/klog/v2 From 0f9c04308083a0e35a6af3f748d1f17ad809dc02 Mon Sep 17 00:00:00 2001 From: Mohamed Mahmoud Date: Wed, 11 Dec 2024 10:35:56 -0500 Subject: [PATCH 2/3] Add Bytecode image to config package Signed-off-by: Mohamed Mahmoud --- .../flowcollector_validation_webhook.go | 3 ++ .../consoleplugin/consoleplugin_objects.go | 4 +- .../consoleplugin/consoleplugin_test.go | 4 +- controllers/constants/constants.go | 4 +- controllers/ebpf/agent_controller.go | 42 ++++++++----------- controllers/ebpf/bpfmanager-controller.go | 10 ++--- controllers/flowcollector_controller.go | 4 +- controllers/flp/flp_common_objects.go | 4 +- controllers/flp/flp_controller.go | 4 +- controllers/flp/flp_test.go | 14 +++---- controllers/flp/metrics_api_test.go | 2 +- controllers/reconcilers/common.go | 6 +-- main.go | 1 + pkg/manager/config.go | 2 + 14 files changed, 53 insertions(+), 51 deletions(-) diff --git a/apis/flowcollector/v1beta2/flowcollector_validation_webhook.go b/apis/flowcollector/v1beta2/flowcollector_validation_webhook.go index 25499a8bb..fb79a02aa 100644 --- a/apis/flowcollector/v1beta2/flowcollector_validation_webhook.go +++ b/apis/flowcollector/v1beta2/flowcollector_validation_webhook.go @@ -101,6 +101,9 @@ func (r *FlowCollector) validateAgent(_ context.Context, fc *FlowCollector) (adm if slices.Contains(fc.Spec.Agent.EBPF.Features, PacketDrop) && !fc.Spec.Agent.EBPF.Privileged { warnings = append(warnings, "The PacketDrop feature requires eBPF Agent to run in privileged mode") } + if slices.Contains(fc.Spec.Agent.EBPF.Features, EbpfManager) && !fc.Spec.Agent.EBPF.Privileged { + warnings = append(warnings, "The BPF Manager feature requires eBPF Agent to run in privileged mode") + } var errs []error if fc.Spec.Agent.EBPF.FlowFilter != nil && fc.Spec.Agent.EBPF.FlowFilter.Enable != nil && *fc.Spec.Agent.EBPF.FlowFilter.Enable { hasPorts := fc.Spec.Agent.EBPF.FlowFilter.Ports.IntVal > 0 || fc.Spec.Agent.EBPF.FlowFilter.Ports.StrVal != "" diff --git a/controllers/consoleplugin/consoleplugin_objects.go b/controllers/consoleplugin/consoleplugin_objects.go index d7573a435..d928c3c73 100644 --- a/controllers/consoleplugin/consoleplugin_objects.go +++ b/controllers/consoleplugin/consoleplugin_objects.go @@ -55,7 +55,7 @@ type builder struct { } func newBuilder(info *reconcilers.Instance, desired *flowslatest.FlowCollectorSpec) builder { - version := helper.ExtractVersion(info.Image) + version := helper.ExtractVersion(info.Images[constants.ControllerBaseImageIndex]) advanced := helper.GetAdvancedPluginConfig(desired.ConsolePlugin.Advanced) return builder{ info: info, @@ -227,7 +227,7 @@ func (b *builder) podTemplate(cmDigest string) *corev1.PodTemplateSpec { Spec: corev1.PodSpec{ Containers: []corev1.Container{{ Name: constants.PluginName, - Image: b.info.Image, + Image: b.info.Images[constants.ControllerBaseImageIndex], ImagePullPolicy: corev1.PullPolicy(b.desired.ConsolePlugin.ImagePullPolicy), Resources: *b.desired.ConsolePlugin.Resources.DeepCopy(), VolumeMounts: b.volumes.AppendMounts(volumeMounts), diff --git a/controllers/consoleplugin/consoleplugin_test.go b/controllers/consoleplugin/consoleplugin_test.go index 9db9822fd..8af7033d8 100644 --- a/controllers/consoleplugin/consoleplugin_test.go +++ b/controllers/consoleplugin/consoleplugin_test.go @@ -111,7 +111,7 @@ func getAutoScalerSpecs() (ascv2.HorizontalPodAutoscaler, flowslatest.FlowCollec func getBuilder(spec *flowslatest.FlowCollectorSpec, lk *helper.LokiConfig) builder { info := reconcilers.Common{Namespace: testNamespace, Loki: lk, ClusterInfo: &cluster.Info{}} - b := newBuilder(info.NewInstance(testImage, status.Instance{}), spec) + b := newBuilder(info.NewInstance([]string{testImage}, status.Instance{}), spec) _, _, _ = b.configMap(context.Background()) // build configmap to update builder's volumes return b } @@ -144,7 +144,7 @@ func TestContainerUpdateCheck(t *testing.T) { old = nEw // new image - builder.info.Image = "quay.io/netobserv/network-observability-console-plugin:latest" + builder.info.Images[constants.ControllerBaseImageIndex] = "quay.io/netobserv/network-observability-console-plugin:latest" nEw = builder.deployment("digest") report = helper.NewChangeReport("") assert.True(helper.PodChanged(&old.Spec.Template, &nEw.Spec.Template, constants.PluginName, &report)) diff --git a/controllers/constants/constants.go b/controllers/constants/constants.go index 5faaae4e4..fc3e5b7aa 100644 --- a/controllers/constants/constants.go +++ b/controllers/constants/constants.go @@ -50,7 +50,9 @@ const ( LokiCRReader = "netobserv-reader" PromCRReader = "netobserv-metrics-reader" - EnvTestConsole = "TEST_CONSOLE" + ControllerBaseImageIndex = 0 + EBPFAgentByteCodeImageIndex = 1 + EnvTestConsole = "TEST_CONSOLE" ) var FlowCollectorName = types.NamespacedName{Name: "cluster"} diff --git a/controllers/ebpf/agent_controller.go b/controllers/ebpf/agent_controller.go index 5c52c9a78..f171b5673 100644 --- a/controllers/ebpf/agent_controller.go +++ b/controllers/ebpf/agent_controller.go @@ -115,8 +115,6 @@ const ( defaultDNSTrackingPort = "53" bpfmanMapsVolumeName = "bpfman-maps" bpfManBpfFSPath = "/run/netobserv/maps" - mapsVolumeName = "bpf-maps" - bpfFsPath = "/sys/fs/bpf" ) // AgentController reconciles the status of the eBPF agent Daemonset, as well as the @@ -254,7 +252,7 @@ func (c *AgentController) desired(ctx context.Context, coll *flowslatest.FlowCol if coll == nil { return nil, nil } - version := helper.ExtractVersion(c.Image) + version := helper.ExtractVersion(c.Images[constants.ControllerBaseImageIndex]) annotations := make(map[string]string) env, err := c.envConfig(ctx, coll, annotations) if err != nil { @@ -378,29 +376,25 @@ func (c *AgentController) desired(ctx context.Context, coll *flowslatest.FlowCol } if helper.IsAgentFeatureEnabled(&coll.Spec.Agent.EBPF, flowslatest.EbpfManager) { - if !coll.Spec.Agent.EBPF.Privileged { - rlog.Error(fmt.Errorf("invalid configuration"), "To enable BPF Manager feature privileged mode needs to be enabled") - } else { - volume := corev1.Volume{ - Name: bpfmanMapsVolumeName, - VolumeSource: corev1.VolumeSource{ - CSI: &corev1.CSIVolumeSource{ - Driver: "csi.bpfman.io", - VolumeAttributes: map[string]string{ - "csi.bpfman.io/program": "netobserv", - "csi.bpfman.io/maps": "aggregated_flows,direct_flows,dns_flows,filter_map,global_counters,packet_record", - }, + volume := corev1.Volume{ + Name: bpfmanMapsVolumeName, + VolumeSource: corev1.VolumeSource{ + CSI: &corev1.CSIVolumeSource{ + Driver: "csi.bpfman.io", + VolumeAttributes: map[string]string{ + "csi.bpfman.io/program": "netobserv", + "csi.bpfman.io/maps": "aggregated_flows,direct_flows,dns_flows,filter_map,global_counters,packet_record", }, }, - } - volumes = append(volumes, volume) - volumeMount := corev1.VolumeMount{ - Name: bpfmanMapsVolumeName, - MountPath: bpfManBpfFSPath, - MountPropagation: newMountPropagationMode(corev1.MountPropagationBidirectional), - } - volumeMounts = append(volumeMounts, volumeMount) + }, } + volumes = append(volumes, volume) + volumeMount := corev1.VolumeMount{ + Name: bpfmanMapsVolumeName, + MountPath: bpfManBpfFSPath, + MountPropagation: newMountPropagationMode(corev1.MountPropagationBidirectional), + } + volumeMounts = append(volumeMounts, volumeMount) } advancedConfig := helper.GetAdvancedAgentConfig(coll.Spec.Agent.EBPF.Advanced) @@ -431,7 +425,7 @@ func (c *AgentController) desired(ctx context.Context, coll *flowslatest.FlowCol Volumes: volumes, Containers: []corev1.Container{{ Name: constants.EBPFAgentName, - Image: c.Image, + Image: c.Images[constants.ControllerBaseImageIndex], ImagePullPolicy: corev1.PullPolicy(coll.Spec.Agent.EBPF.ImagePullPolicy), Resources: coll.Spec.Agent.EBPF.Resources, SecurityContext: c.securityContext(coll), diff --git a/controllers/ebpf/bpfmanager-controller.go b/controllers/ebpf/bpfmanager-controller.go index ff76645c4..71010199a 100644 --- a/controllers/ebpf/bpfmanager-controller.go +++ b/controllers/ebpf/bpfmanager-controller.go @@ -4,6 +4,7 @@ import ( "context" "encoding/binary" "fmt" + "github.com/netobserv/network-observability-operator/controllers/constants" "github.com/netobserv/network-observability-operator/pkg/helper" "github.com/sirupsen/logrus" @@ -17,8 +18,7 @@ import ( ) const ( - netobservApp = "netobserv" - netobservBCImage = "quay.io/netobserv/ebpf-bytecode:latest" + netobservApp = "netobserv" ) // bpfmanDetachNetobserv find BpfmanApplication object with all required ebpf hooks and detaches them using bpfman manager @@ -63,7 +63,7 @@ func (c *AgentController) bpfmanAttachNetobserv(ctx context.Context, fc *flowsla err = c.Get(ctx, key, &bpfApp) if err != nil { if errors.IsNotFound(err) { - prepareBpfApplication(&bpfApp, fc) + prepareBpfApplication(&bpfApp, fc, c.Images[constants.EBPFAgentByteCodeImageIndex]) err = c.createBpfApplication(ctx, &bpfApp) if err != nil { return fmt.Errorf("failed to create BpfApplication: %w for obj: %s", err, fc.Name) @@ -73,7 +73,7 @@ func (c *AgentController) bpfmanAttachNetobserv(ctx context.Context, fc *flowsla } } else { // object exists repopulate it with the new configuration and update it - prepareBpfApplication(&bpfApp, fc) + prepareBpfApplication(&bpfApp, fc, c.Images[constants.EBPFAgentByteCodeImageIndex]) err = c.updateBpfApplication(ctx, &bpfApp) if err != nil { return fmt.Errorf("failed to update BpfApplication: %w for obj: %s", err, fc.Name) @@ -83,7 +83,7 @@ func (c *AgentController) bpfmanAttachNetobserv(ctx context.Context, fc *flowsla return err } -func prepareBpfApplication(bpfApp *bpfmaniov1alpha1.BpfApplication, fc *flowslatest.FlowCollector) { +func prepareBpfApplication(bpfApp *bpfmaniov1alpha1.BpfApplication, fc *flowslatest.FlowCollector, netobservBCImage string) { interfaces := fc.Spec.Agent.EBPF.Interfaces samplingValue := make([]byte, 4) diff --git a/controllers/flowcollector_controller.go b/controllers/flowcollector_controller.go index d6a8e190b..83d447b39 100644 --- a/controllers/flowcollector_controller.go +++ b/controllers/flowcollector_controller.go @@ -133,7 +133,7 @@ func (r *FlowCollectorReconciler) reconcile(ctx context.Context, clh *helper.Cli r.watcher.Reset(ns) // Create reconcilers - cpReconciler := consoleplugin.NewReconciler(reconcilersInfo.NewInstance(r.mgr.Config.ConsolePluginImage, r.status)) + cpReconciler := consoleplugin.NewReconciler(reconcilersInfo.NewInstance([]string{r.mgr.Config.ConsolePluginImage}, r.status)) // Check namespace changed if ns != previousNamespace { @@ -151,7 +151,7 @@ func (r *FlowCollectorReconciler) reconcile(ctx context.Context, clh *helper.Cli } // eBPF agent - ebpfAgentController := ebpf.NewAgentController(reconcilersInfo.NewInstance(r.mgr.Config.EBPFAgentImage, r.status)) + ebpfAgentController := ebpf.NewAgentController(reconcilersInfo.NewInstance([]string{r.mgr.Config.EBPFAgentImage, r.mgr.Config.EBPFByteCodeImage}, r.status)) if err := ebpfAgentController.Reconcile(ctx, desired); err != nil { return r.status.Error("ReconcileAgentFailed", err) } diff --git a/controllers/flp/flp_common_objects.go b/controllers/flp/flp_common_objects.go index 32dbd063f..2b5938395 100644 --- a/controllers/flp/flp_common_objects.go +++ b/controllers/flp/flp_common_objects.go @@ -68,7 +68,7 @@ type Builder struct { type builder = Builder func NewBuilder(info *reconcilers.Instance, desired *flowslatest.FlowCollectorSpec, flowMetrics *metricslatest.FlowMetricList, detectedSubnets []flowslatest.SubnetLabel, ck ConfKind) (Builder, error) { - version := helper.ExtractVersion(info.Image) + version := helper.ExtractVersion(info.Images[constants.ControllerBaseImageIndex]) name := name(ck) var promTLS *flowslatest.CertificateReference switch desired.Processor.Metrics.Server.TLS.Type { @@ -203,7 +203,7 @@ func (b *builder) podTemplate(hasHostPort, hostNetwork bool, annotations map[str container := corev1.Container{ Name: constants.FLPName, - Image: b.info.Image, + Image: b.info.Images[constants.ControllerBaseImageIndex], ImagePullPolicy: corev1.PullPolicy(b.desired.Processor.ImagePullPolicy), Args: []string{fmt.Sprintf(`--config=%s/%s`, configPath, configFile)}, Resources: *b.desired.Processor.Resources.DeepCopy(), diff --git a/controllers/flp/flp_controller.go b/controllers/flp/flp_controller.go index 1fa1f1921..47b9429b5 100644 --- a/controllers/flp/flp_controller.go +++ b/controllers/flp/flp_controller.go @@ -151,8 +151,8 @@ func (r *Reconciler) reconcile(ctx context.Context, clh *helper.Client, fc *flow // TODO: refactor to move these subReconciler allocations in `Start`. It will involve some decoupling work, as currently // `reconcilers.Common` is dependent on the FlowCollector object, which isn't known at start time. reconcilers := []subReconciler{ - newMonolithReconciler(cmn.NewInstance(r.mgr.Config.FlowlogsPipelineImage, r.mgr.Status.ForComponent(status.FLPMonolith))), - newTransformerReconciler(cmn.NewInstance(r.mgr.Config.FlowlogsPipelineImage, r.mgr.Status.ForComponent(status.FLPTransformOnly))), + newMonolithReconciler(cmn.NewInstance([]string{r.mgr.Config.FlowlogsPipelineImage}, r.mgr.Status.ForComponent(status.FLPMonolith))), + newTransformerReconciler(cmn.NewInstance([]string{r.mgr.Config.FlowlogsPipelineImage}, r.mgr.Status.ForComponent(status.FLPTransformOnly))), } // Check namespace changed diff --git a/controllers/flp/flp_test.go b/controllers/flp/flp_test.go index 5158a61a9..062e57383 100644 --- a/controllers/flp/flp_test.go +++ b/controllers/flp/flp_test.go @@ -170,14 +170,14 @@ func getAutoScalerSpecs() (ascv2.HorizontalPodAutoscaler, flowslatest.FlowCollec func monoBuilder(ns string, cfg *flowslatest.FlowCollectorSpec) monolithBuilder { loki := helper.NewLokiConfig(&cfg.Loki, "any") info := reconcilers.Common{Namespace: ns, Loki: &loki, ClusterInfo: &cluster.Info{}} - b, _ := newMonolithBuilder(info.NewInstance(image, status.Instance{}), cfg, &metricslatest.FlowMetricList{}, nil) + b, _ := newMonolithBuilder(info.NewInstance([]string{image}, status.Instance{}), cfg, &metricslatest.FlowMetricList{}, nil) return b } func transfBuilder(ns string, cfg *flowslatest.FlowCollectorSpec) transfoBuilder { loki := helper.NewLokiConfig(&cfg.Loki, "any") info := reconcilers.Common{Namespace: ns, Loki: &loki, ClusterInfo: &cluster.Info{}} - b, _ := newTransfoBuilder(info.NewInstance(image, status.Instance{}), cfg, &metricslatest.FlowMetricList{}, nil) + b, _ := newTransfoBuilder(info.NewInstance([]string{image}, status.Instance{}), cfg, &metricslatest.FlowMetricList{}, nil) return b } @@ -552,7 +552,7 @@ func TestServiceMonitorChanged(t *testing.T) { // Check labels change info := reconcilers.Common{Namespace: "namespace2", ClusterInfo: &cluster.Info{}} - b, _ = newMonolithBuilder(info.NewInstance(image2, status.Instance{}), &cfg, b.generic.flowMetrics, nil) + b, _ = newMonolithBuilder(info.NewInstance([]string{image2}, status.Instance{}), &cfg, b.generic.flowMetrics, nil) third := b.generic.serviceMonitor() report = helper.NewChangeReport("") @@ -560,7 +560,7 @@ func TestServiceMonitorChanged(t *testing.T) { assert.Contains(report.String(), "ServiceMonitor labels changed") // Check scheme changed - b, _ = newMonolithBuilder(info.NewInstance(image2, status.Instance{}), &cfg, b.generic.flowMetrics, nil) + b, _ = newMonolithBuilder(info.NewInstance([]string{image2}, status.Instance{}), &cfg, b.generic.flowMetrics, nil) fourth := b.generic.serviceMonitor() fourth.Spec.Endpoints[0].Scheme = "https" @@ -605,7 +605,7 @@ func TestPrometheusRuleChanged(t *testing.T) { // Check labels change info := reconcilers.Common{Namespace: "namespace2", ClusterInfo: &cluster.Info{}} - b, _ = newMonolithBuilder(info.NewInstance(image2, status.Instance{}), &cfg, b.generic.flowMetrics, nil) + b, _ = newMonolithBuilder(info.NewInstance([]string{image2}, status.Instance{}), &cfg, b.generic.flowMetrics, nil) third := b.generic.prometheusRule() report = helper.NewChangeReport("") @@ -754,8 +754,8 @@ func TestLabels(t *testing.T) { cfg := getConfig() info := reconcilers.Common{Namespace: "ns", ClusterInfo: &cluster.Info{}} - builder, _ := newMonolithBuilder(info.NewInstance(image, status.Instance{}), &cfg, &metricslatest.FlowMetricList{}, nil) - tBuilder, _ := newTransfoBuilder(info.NewInstance(image, status.Instance{}), &cfg, &metricslatest.FlowMetricList{}, nil) + builder, _ := newMonolithBuilder(info.NewInstance([]string{image}, status.Instance{}), &cfg, &metricslatest.FlowMetricList{}, nil) + tBuilder, _ := newTransfoBuilder(info.NewInstance([]string{image}, status.Instance{}), &cfg, &metricslatest.FlowMetricList{}, nil) // Deployment depl := tBuilder.deployment(annotate("digest")) diff --git a/controllers/flp/metrics_api_test.go b/controllers/flp/metrics_api_test.go index 72e20c63d..ba6bff24a 100644 --- a/controllers/flp/metrics_api_test.go +++ b/controllers/flp/metrics_api_test.go @@ -35,7 +35,7 @@ func defaultBuilderWithMetrics(metrics *metricslatest.FlowMetricList) (monolithB cfg := getConfig() loki := helper.NewLokiConfig(&cfg.Loki, "any") info := reconcilers.Common{Namespace: "namespace", Loki: &loki, ClusterInfo: &cluster.Info{}} - return newMonolithBuilder(info.NewInstance(image, status.Instance{}), &cfg, metrics, nil) + return newMonolithBuilder(info.NewInstance([]string{image}, status.Instance{}), &cfg, metrics, nil) } func metric(metrics api.MetricsItems, name string) *api.MetricsItem { diff --git a/controllers/reconcilers/common.go b/controllers/reconcilers/common.go index 73ef3bf1f..df8051f12 100644 --- a/controllers/reconcilers/common.go +++ b/controllers/reconcilers/common.go @@ -33,16 +33,16 @@ func (c *Common) PreviousPrivilegedNamespace() string { type Instance struct { *Common Managed *NamespacedObjectManager - Image string + Images []string Status status.Instance } -func (c *Common) NewInstance(image string, st status.Instance) *Instance { +func (c *Common) NewInstance(images []string, st status.Instance) *Instance { managed := NewNamespacedObjectManager(c) return &Instance{ Common: c, Managed: managed, - Image: image, + Images: images, Status: st, } } diff --git a/main.go b/main.go index 552316e8b..8037b4bc6 100644 --- a/main.go +++ b/main.go @@ -104,6 +104,7 @@ func main() { flag.StringVar(&config.EBPFAgentImage, "ebpf-agent-image", "quay.io/netobserv/netobserv-ebpf-agent:main", "The image of the eBPF agent") flag.StringVar(&config.FlowlogsPipelineImage, "flowlogs-pipeline-image", "quay.io/netobserv/flowlogs-pipeline:main", "The image of Flowlogs Pipeline") flag.StringVar(&config.ConsolePluginImage, "console-plugin-image", "quay.io/netobserv/network-observability-console-plugin:main", "The image of the Console Plugin") + flag.StringVar(&config.EBPFByteCodeImage, "ebpf-bytecode-image", "quay.io/netobserv/ebpf-bytecode:main", "The EBPF bytecode for the eBPF agent") flag.BoolVar(&config.DownstreamDeployment, "downstream-deployment", false, "Either this deployment is a downstream deployment ot not") flag.BoolVar(&enableHTTP2, "enable-http2", enableHTTP2, "If HTTP/2 should be enabled for the metrics and webhook servers.") flag.BoolVar(&versionFlag, "v", false, "print version") diff --git a/pkg/manager/config.go b/pkg/manager/config.go index 57173bb17..8a7032322 100644 --- a/pkg/manager/config.go +++ b/pkg/manager/config.go @@ -12,6 +12,8 @@ type Config struct { FlowlogsPipelineImage string // ConsolePluginImage is the image of the Console Plugin that is managed by the operator ConsolePluginImage string + // EBPFByteCodeImage is the ebpf byte code image used by EBPF Manager + EBPFByteCodeImage string // Release kind is either upstream or downstream DownstreamDeployment bool } From 3c796589a7a3d33fe68f3a1ce32d636a353e5bcb Mon Sep 17 00:00:00 2001 From: Mohamed Mahmoud Date: Thu, 12 Dec 2024 13:20:41 -0500 Subject: [PATCH 3/3] Add additional flow metrics map Signed-off-by: Mohamed Mahmoud --- controllers/ebpf/agent_controller.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controllers/ebpf/agent_controller.go b/controllers/ebpf/agent_controller.go index f171b5673..a6b511593 100644 --- a/controllers/ebpf/agent_controller.go +++ b/controllers/ebpf/agent_controller.go @@ -383,7 +383,7 @@ func (c *AgentController) desired(ctx context.Context, coll *flowslatest.FlowCol Driver: "csi.bpfman.io", VolumeAttributes: map[string]string{ "csi.bpfman.io/program": "netobserv", - "csi.bpfman.io/maps": "aggregated_flows,direct_flows,dns_flows,filter_map,global_counters,packet_record", + "csi.bpfman.io/maps": "aggregated_flows,additional_flow_metrics,direct_flows,dns_flows,filter_map,global_counters,packet_record", }, }, },