API Specification
Packages:
bpfman.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the bpfman.io API group.
Resource Types:
- BpfProgram
- FentryProgram
- FexitProgram
- KprobeProgram
- TcProgram
- TracepointProgram
- UprobeProgram
- XdpProgram
BpfProgram ¶
BpfProgram is the Schema for the Bpfprograms API
Field | Description | ||
---|---|---|---|
apiVersion
string |
bpfman.io/v1alpha1
|
||
kind
string
|
BpfProgram |
||
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||
spec
BpfProgramSpec
|
|
||
status
BpfProgramStatus
|
(Optional) |
FentryProgram ¶
FentryProgram is the Schema for the FentryPrograms API
Field | Description | ||||
---|---|---|---|---|---|
apiVersion
string |
bpfman.io/v1alpha1
|
||||
kind
string
|
FentryProgram |
||||
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||
spec
FentryProgramSpec
|
|
||||
status
FentryProgramStatus
|
(Optional) |
FexitProgram ¶
FexitProgram is the Schema for the FexitPrograms API
Field | Description | ||||
---|---|---|---|---|---|
apiVersion
string |
bpfman.io/v1alpha1
|
||||
kind
string
|
FexitProgram |
||||
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||
spec
FexitProgramSpec
|
|
||||
status
FexitProgramStatus
|
(Optional) |
KprobeProgram ¶
KprobeProgram is the Schema for the KprobePrograms API
Field | Description | ||||||||
---|---|---|---|---|---|---|---|---|---|
apiVersion
string |
bpfman.io/v1alpha1
|
||||||||
kind
string
|
KprobeProgram |
||||||||
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||
spec
KprobeProgramSpec
|
|
||||||||
status
KprobeProgramStatus
|
(Optional) |
TcProgram ¶
TcProgram is the Schema for the TcProgram API
Field | Description | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
apiVersion
string |
bpfman.io/v1alpha1
|
||||||||||
kind
string
|
TcProgram |
||||||||||
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||
spec
TcProgramSpec
|
|
||||||||||
status
TcProgramStatus
|
(Optional) |
TracepointProgram ¶
TracepointProgram is the Schema for the TracepointPrograms API
Field | Description | ||||
---|---|---|---|---|---|
apiVersion
string |
bpfman.io/v1alpha1
|
||||
kind
string
|
TracepointProgram |
||||
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||
spec
TracepointProgramSpec
|
|
||||
status
TracepointProgramStatus
|
(Optional) |
UprobeProgram ¶
UprobeProgram is the Schema for the UprobePrograms API
Field | Description | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
apiVersion
string |
bpfman.io/v1alpha1
|
||||||||||||||
kind
string
|
UprobeProgram |
||||||||||||||
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||
spec
UprobeProgramSpec
|
|
||||||||||||||
status
UprobeProgramStatus
|
(Optional) |
XdpProgram ¶
XdpProgram is the Schema for the XdpPrograms API
Field | Description | ||||||||
---|---|---|---|---|---|---|---|---|---|
apiVersion
string |
bpfman.io/v1alpha1
|
||||||||
kind
string
|
XdpProgram |
||||||||
metadata
Kubernetes meta/v1.ObjectMeta
|
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||
spec
XdpProgramSpec
|
|
||||||||
status
XdpProgramStatus
|
(Optional) |
BpfProgramCommon ¶
(Appears on: FentryProgramSpec, FexitProgramSpec, KprobeProgramSpec, TcProgramSpec, TracepointProgramSpec, UprobeProgramSpec, XdpProgramSpec)
BpfProgramCommon defines the common attributes for all BPF programs
Field | Description |
---|---|
bpffunctionname
string
|
BpfFunctionName is the name of the function that is the entry point for the BPF program |
nodeselector
Kubernetes meta/v1.LabelSelector
|
NodeSelector allows the user to specify which nodes to deploy the bpf program to. This field must be specified, to select all nodes use standard metav1.LabelSelector semantics and make it empty. |
bytecode
BytecodeSelector
|
Bytecode configures where the bpf program’s bytecode should be loaded from. |
globaldata
map[string][]byte
|
(Optional)
GlobalData allows the user to to set global variables when the program is loaded with an array of raw bytes. This is a very low level primitive. The caller is responsible for formatting the byte string appropriately considering such things as size, endianness, alignment and packing of data structures. |
mapownerselector
Kubernetes meta/v1.LabelSelector
|
(Optional)
MapOwnerSelector is used to select the loaded eBPF program this eBPF program will share a map with. The value is a label applied to the BpfProgram to select. The selector must resolve to exactly one instance of a BpfProgram on a given node or the eBPF program will not load. |
BpfProgramConditionType
(string
alias)¶
BpfProgramConditionType is a condition type to indicate the status of a BPF program at the individual node level.
Value | Description |
---|---|
"BytecodeSelectorError" |
BpfProgCondByteCodeError indicates that an error occured when trying to process the bytecode selector. |
"Loaded" |
BpfProgCondLoaded indicates that the eBPF program was successfully loaded into the kernel on a specific node. |
"MapOwnerNotFound" |
BpfProgCondMapOwnerNotFound indicates that the eBPF program sharing a map with another eBPF program and that program does not exist. |
"MapOwnerNotLoaded" |
BpfProgCondMapOwnerNotLoaded indicates that the eBPF program sharing a map with another eBPF program and that program is not loaded. |
"NoContainersOnNode" |
BpfProgCondNoContainersOnNode indicates that there are no containers on the node that match the container selector. |
"None" |
None of the above conditions apply |
"NotLoaded" |
BpfProgCondNotLoaded indicates that the eBPF program has not yet been loaded into the kernel on a specific node. |
"NotSelected" |
BpfProgCondNotSelected indicates that the eBPF program is not scheduled to be loaded on a specific node. |
"NotUnLoaded" |
BpfProgCondUnloaded indicates that in the midst of trying to remove the eBPF program from the kernel on the node, that program has not yet been removed. |
"Unloaded" |
BpfProgCondUnloaded indicates that the eBPF program has been unloaded from the kernel on a specific node. |
BpfProgramSpec ¶
(Appears on: BpfProgram)
BpfProgramSpec defines the desired state of BpfProgram
Field | Description |
---|---|
type
string
|
(Optional)
Type specifies the bpf program type |
BpfProgramStatus ¶
(Appears on: BpfProgram)
BpfProgramStatus defines the observed state of BpfProgram TODO Make these a fixed set of metav1.Condition.types and metav1.Condition.reasons
Field | Description |
---|---|
conditions
[]Kubernetes meta/v1.Condition
|
Conditions houses the updates regarding the actual implementation of the bpf program on the node Known .status.conditions.type are: “Available”, “Progressing”, and “Degraded” |
BytecodeImage ¶
(Appears on: BytecodeSelector)
BytecodeImage defines how to specify a bytecode container image.
Field | Description |
---|---|
url
string
|
Valid container image URL used to reference a remote bytecode image. |
imagepullpolicy
PullPolicy
|
(Optional)
PullPolicy describes a policy for if/when to pull a bytecode image. Defaults to IfNotPresent. |
imagepullsecret
ImagePullSecretSelector
|
(Optional)
ImagePullSecret is the name of the secret bpfman should use to get remote image repository secrets. |
BytecodeSelector ¶
(Appears on: BpfProgramCommon)
BytecodeSelector defines the various ways to reference bpf bytecode objects.
Field | Description |
---|---|
image
BytecodeImage
|
Image used to specify a bytecode container image. |
path
string
|
Path is used to specify a bytecode object via filepath. |
ContainerSelector ¶
(Appears on: UprobeProgramSpec)
ContainerSelector identifies a set of containers. For example, this can be used to identify a set of containers in which to attach uprobes.
Field | Description |
---|---|
namespace
string
|
(Optional)
Target namespaces. |
pods
Kubernetes meta/v1.LabelSelector
|
Target pods. This field must be specified, to select all pods use standard metav1.LabelSelector semantics and make it empty. |
containernames
[]string
|
(Optional)
Name(s) of container(s). If none are specified, all containers in the pod are selected. |
FentryProgramSpec ¶
(Appears on: FentryProgram)
FentryProgramSpec defines the desired state of FentryProgram
Field | Description |
---|---|
BpfProgramCommon
BpfProgramCommon
|
(Members of |
func_name
string
|
Function to attach the fentry to. |
FentryProgramStatus ¶
(Appears on: FentryProgram)
FentryProgramStatus defines the observed state of FentryProgram
Field | Description |
---|---|
conditions
[]Kubernetes meta/v1.Condition
|
Conditions houses the global cluster state for the FentryProgram. The explicit condition types are defined internally. |
FexitProgramSpec ¶
(Appears on: FexitProgram)
FexitProgramSpec defines the desired state of FexitProgram
Field | Description |
---|---|
BpfProgramCommon
BpfProgramCommon
|
(Members of |
func_name
string
|
Function to attach the fexit to. |
FexitProgramStatus ¶
(Appears on: FexitProgram)
FexitProgramStatus defines the observed state of FexitProgram
Field | Description |
---|---|
conditions
[]Kubernetes meta/v1.Condition
|
Conditions houses the global cluster state for the FexitProgram. The explicit condition types are defined internally. |
ImagePullSecretSelector ¶
(Appears on: BytecodeImage)
ImagePullSecretSelector defines the name and namespace of an image pull secret.
Field | Description |
---|---|
name
string
|
Name of the secret which contains the credentials to access the image repository. |
namespace
string
|
Namespace of the secret which contains the credentials to access the image repository. |
InterfaceSelector ¶
(Appears on: TcProgramSpec, XdpProgramSpec)
InterfaceSelector defines interface to attach to.
Field | Description |
---|---|
interfaces
[]string
|
(Optional)
Interfaces refers to a list of network interfaces to attach the BPF program to. |
primarynodeinterface
bool
|
(Optional)
Attach BPF program to the primary interface on the node. Only ‘true’ accepted. |
KprobeProgramSpec ¶
(Appears on: KprobeProgram)
KprobeProgramSpec defines the desired state of KprobeProgram
Field | Description |
---|---|
BpfProgramCommon
BpfProgramCommon
|
(Members of |
func_name
string
|
Functions to attach the kprobe to. |
offset
uint64
|
(Optional)
Offset added to the address of the function for kprobe. Not allowed for kretprobes. |
retprobe
bool
|
(Optional)
Whether the program is a kretprobe. Default is false |
KprobeProgramStatus ¶
(Appears on: KprobeProgram)
KprobeProgramStatus defines the observed state of KprobeProgram
Field | Description |
---|---|
conditions
[]Kubernetes meta/v1.Condition
|
Conditions houses the global cluster state for the KprobeProgram. The explicit condition types are defined internally. |
ProgramConditionType
(string
alias)¶
ProgramConditionType is a condition type to indicate the status of a BPF program at the cluster level.
Value | Description |
---|---|
"DeleteError" |
ProgramDeleteError indicates that the BPF program was marked for deletion, but deletion was unsuccessful. |
"NotYetLoaded" |
ProgramNotYetLoaded indicates that the program in question has not yet been loaded on all nodes in the cluster. |
"ReconcileError" |
ProgramReconcileError indicates that an unforseen situation has occurred in the controller logic, and the controller will retry. |
"ReconcileSuccess" |
BpfmanProgConfigReconcileSuccess indicates that the BPF program has been successfully reconciled. TODO: we should consider removing “reconciled” type logic from the public API as it’s an implementation detail of our use of controller runtime, but not necessarily relevant to human users or integrations. |
PullPolicy
(string
alias)¶
(Appears on: BytecodeImage)
PullPolicy describes a policy for if/when to pull a container image
Value | Description |
---|---|
"Always" |
PullAlways means that bpfman always attempts to pull the latest bytecode image. Container will fail If the pull fails. |
"IfNotPresent" |
PullIfNotPresent means that bpfman pulls if the image isn’t present on disk. Container will fail if the image isn’t present and the pull fails. |
"Never" |
PullNever means that bpfman never pulls an image, but only uses a local image. Container will fail if the image isn’t present |
TcProceedOnValue
(string
alias)¶
(Appears on: TcProgramSpec)
TcProgramSpec ¶
(Appears on: TcProgram)
TcProgramSpec defines the desired state of TcProgram
Field | Description |
---|---|
BpfProgramCommon
BpfProgramCommon
|
(Members of |
interfaceselector
InterfaceSelector
|
Selector to determine the network interface (or interfaces) |
priority
int32
|
Priority specifies the priority of the tc program in relation to other programs of the same type with the same attach point. It is a value from 0 to 1000 where lower values have higher precedence. |
direction
string
|
Direction specifies the direction of traffic the tc program should attach to for a given network device. |
proceedon
[]TcProceedOnValue
|
(Optional)
ProceedOn allows the user to call other tc programs in chain on this exit code. Multiple values are supported by repeating the parameter. |
TcProgramStatus ¶
(Appears on: TcProgram)
TcProgramStatus defines the observed state of TcProgram
Field | Description |
---|---|
conditions
[]Kubernetes meta/v1.Condition
|
Conditions houses the global cluster state for the TcProgram. The explicit condition types are defined internally. |
TracepointProgramSpec ¶
(Appears on: TracepointProgram)
TracepointProgramSpec defines the desired state of TracepointProgram
Field | Description |
---|---|
BpfProgramCommon
BpfProgramCommon
|
(Members of |
names
[]string
|
Names refers to the names of kernel tracepoints to attach the bpf program to. |
TracepointProgramStatus ¶
(Appears on: TracepointProgram)
TracepointProgramStatus defines the observed state of TracepointProgram
Field | Description |
---|---|
conditions
[]Kubernetes meta/v1.Condition
|
Conditions houses the global cluster state for the TracepointProgram. The explicit condition types are defined internally. |
UprobeProgramSpec ¶
(Appears on: UprobeProgram)
UprobeProgramSpec defines the desired state of UprobeProgram
Field | Description |
---|---|
BpfProgramCommon
BpfProgramCommon
|
(Members of |
func_name
string
|
(Optional)
Function to attach the uprobe to. |
offset
uint64
|
(Optional)
Offset added to the address of the function for uprobe. |
target
string
|
Library name or the absolute path to a binary or library. |
retprobe
bool
|
(Optional)
Whether the program is a uretprobe. Default is false |
pid
int32
|
(Optional)
Only execute uprobe for given process identification number (PID). If PID is not provided, uprobe executes for all PIDs. |
containers
ContainerSelector
|
(Optional)
Containers identifes the set of containers in which to attach the uprobe. If Containers is not specified, the uprobe will be attached in the bpfman-agent container. The ContainerSelector is very flexible and even allows the selection of all containers in a cluster. If an attempt is made to attach uprobes to too many containers, it can have a negative impact on on the cluster. |
UprobeProgramStatus ¶
(Appears on: UprobeProgram)
UprobeProgramStatus defines the observed state of UprobeProgram
Field | Description |
---|---|
conditions
[]Kubernetes meta/v1.Condition
|
Conditions houses the global cluster state for the UprobeProgram. The explicit condition types are defined internally. |
XdpProceedOnValue
(string
alias)¶
(Appears on: XdpProgramSpec)
XdpProgramSpec ¶
(Appears on: XdpProgram)
XdpProgramSpec defines the desired state of XdpProgram
Field | Description |
---|---|
BpfProgramCommon
BpfProgramCommon
|
(Members of |
interfaceselector
InterfaceSelector
|
Selector to determine the network interface (or interfaces) |
priority
int32
|
Priority specifies the priority of the bpf program in relation to other programs of the same type with the same attach point. It is a value from 0 to 1000 where lower values have higher precedence. |
proceedon
[]XdpProceedOnValue
|
XdpProgramStatus ¶
(Appears on: XdpProgram)
XdpProgramStatus defines the observed state of XdpProgram
Field | Description |
---|---|
conditions
[]Kubernetes meta/v1.Condition
|
Conditions houses the global cluster state for the XdpProgram. The explicit condition types are defined internally. |
Generated with gen-crd-api-reference-docs
.