From 7f4e1b83106b0bfd64fe3a49e663cc5707ca61dc Mon Sep 17 00:00:00 2001 From: Mohamed Mahmoud Date: Thu, 23 May 2024 07:43:28 -0400 Subject: [PATCH 1/2] enable GH actions workflow Signed-off-by: Mohamed Mahmoud --- .github/dependabot.yml | 14 + .github/workflows/image-build.yaml | 122 ++ .github/workflows/pull_request.yml | 39 + ...c.authorization.k8s.io_v1_clusterrole.yaml | 152 +++ ...rization.k8s.io_v1_clusterrolebinding.yaml | 19 + ...c.authorization.k8s.io_v1_rolebinding.yaml | 19 + ...c.authorization.k8s.io_v1_clusterrole.yaml | 31 + ...c.authorization.k8s.io_v1_clusterrole.yaml | 27 + .../manifests/bpfman-config_v1_configmap.yaml | 15 + ...er-manager-metrics-service_v1_service.yaml | 23 + .../bpfman-daemon_v1_serviceaccount.yaml | 5 + ...c.authorization.k8s.io_v1_clusterrole.yaml | 17 + ...bpfman-operator.clusterserviceversion.yaml | 1000 +++++++++++++++++ ...rization.k8s.io_v1_clusterrolebinding.yaml | 13 + ...c.authorization.k8s.io_v1_clusterrole.yaml | 14 + bundle/manifests/bpfman.io_bpfprograms.yaml | 150 +++ .../manifests/bpfman.io_fentryprograms.yaml | 311 +++++ bundle/manifests/bpfman.io_fexitprograms.yaml | 311 +++++ .../manifests/bpfman.io_kprobeprograms.yaml | 333 ++++++ bundle/manifests/bpfman.io_tcprograms.yaml | 379 +++++++ .../bpfman.io_tracepointprograms.yaml | 315 ++++++ .../manifests/bpfman.io_uprobeprograms.yaml | 414 +++++++ bundle/manifests/bpfman.io_xdpprograms.yaml | 358 ++++++ bundle/metadata/annotations.yaml | 14 + bundle/metadata/dependencies.yaml | 6 + bundle/tests/scorecard/config.yaml | 70 ++ 26 files changed, 4171 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/image-build.yaml create mode 100644 .github/workflows/pull_request.yml create mode 100644 bundle/manifests/bpfman-agent-role_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 bundle/manifests/bpfman-agent-rolebinding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml create mode 100644 bundle/manifests/bpfman-agent-rolebinding_rbac.authorization.k8s.io_v1_rolebinding.yaml create mode 100644 bundle/manifests/bpfman-bpfprogram-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 bundle/manifests/bpfman-bpfprogram-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 bundle/manifests/bpfman-config_v1_configmap.yaml create mode 100644 bundle/manifests/bpfman-controller-manager-metrics-service_v1_service.yaml create mode 100644 bundle/manifests/bpfman-daemon_v1_serviceaccount.yaml create mode 100644 bundle/manifests/bpfman-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 bundle/manifests/bpfman-operator.clusterserviceversion.yaml create mode 100644 bundle/manifests/bpfman-privileged-scc_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml create mode 100644 bundle/manifests/bpfman-user_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 bundle/manifests/bpfman.io_bpfprograms.yaml create mode 100644 bundle/manifests/bpfman.io_fentryprograms.yaml create mode 100644 bundle/manifests/bpfman.io_fexitprograms.yaml create mode 100644 bundle/manifests/bpfman.io_kprobeprograms.yaml create mode 100644 bundle/manifests/bpfman.io_tcprograms.yaml create mode 100644 bundle/manifests/bpfman.io_tracepointprograms.yaml create mode 100644 bundle/manifests/bpfman.io_uprobeprograms.yaml create mode 100644 bundle/manifests/bpfman.io_xdpprograms.yaml create mode 100644 bundle/metadata/annotations.yaml create mode 100644 bundle/metadata/dependencies.yaml create mode 100644 bundle/tests/scorecard/config.yaml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..c01e3244a --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,14 @@ +# Please see the documentation for all configuration options: +# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "gomod" + directory: / + schedule: + interval: weekly + groups: + production-dependencies: + dependency-type: production + development-dependencies: + dependency-type: development diff --git a/.github/workflows/image-build.yaml b/.github/workflows/image-build.yaml new file mode 100644 index 000000000..3dd7f7c6b --- /dev/null +++ b/.github/workflows/image-build.yaml @@ -0,0 +1,122 @@ +name: bpfman-image-build + +on: # yamllint disable-line rule:truthy + push: + branches: [main] + tags: + - v* + + pull_request: + paths: [.github/workflows/image-build.yaml] + +jobs: + build-and-push-images: + permissions: + contents: read + packages: write + id-token: write # needed for signing the images with GitHub OIDC Token + + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + image: + - registry: quay.io + build_language: go + repository: bpfman + image: bpfman-agent + dockerfile: ./Containerfile.bpfman-agent + context: . + tags: | + type=ref,event=branch + type=ref,event=tag + type=ref,event=pr + type=sha,format=long + # set latest tag for default branch + type=raw,value=latest,enable={{is_default_branch}} + + - registry: quay.io + build_language: go + repository: bpfman + image: bpfman-operator + dockerfile: ./Containerfile.bpfman-operator + context: . + tags: | + type=ref,event=branch + type=ref,event=tag + type=ref,event=pr + type=sha,format=long + # set latest tag for default branch + type=raw,value=latest,enable={{is_default_branch}} + + - registry: quay.io + build_language: go + repository: bpfman + image: bpfman-operator-bundle + context: . + dockerfile: ./Containerfile.bundle + tags: | + type=ref,event=branch + type=ref,event=tag + type=ref,event=pr + type=sha,format=long + # set latest tag for default branch + type=raw,value=latest,enable={{is_default_branch}} + + name: Build Image (${{ matrix.image.image }}) + steps: + - uses: actions/checkout@v4 + + - uses: actions/setup-go@v5 + if: ${{ matrix.image.build_language == 'go' }} + with: + # prettier-ignore + go-version: '1.21' # yamllint disable-line rule:quoted-strings + + - uses: sigstore/cosign-installer@v3.5.0 + + - name: Generate olm bundle on disk + if: ${{ matrix.image.image == 'bpfman-operator-bundle' }} + run: | + make bundle + + - name: Login to quay.io/bpfman + uses: redhat-actions/podman-login@v1 + if: ${{ github.event_name == 'push' && matrix.image.repository == 'bpfman'}} + with: + registry: ${{ matrix.image.registry }} + username: ${{ secrets.BPFMAN_USERNAME }} + password: ${{ secrets.BPFMAN_ROBOT_TOKEN }} + + - name: Extract metadata (tags, labels) for image + id: meta + uses: docker/metadata-action@v5.5.1 + with: + images: ${{ matrix.image.registry }}/${{ matrix.image.repository }}/${{ matrix.image.image }} + tags: ${{ matrix.image.tags }} + + - name: Build image + id: build-image + uses: redhat-actions/buildah-build@v2 + with: + image: ${{ matrix.image.image }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + containerfiles: ${{ matrix.image.dockerfile }} + build-args: ${{ matrix.image.build_args }} + context: ${{ matrix.image.context }} + + - name: Push to registry + id: push-image + uses: redhat-actions/push-to-registry@v2 + if: ${{ github.event_name == 'push' }} + with: + tags: ${{ steps.meta.outputs.tags }} + + - name: Sign the images with GitHub OIDC Token + if: ${{ github.event_name == 'push' }} + run: | + readarray -t tags <<<"${{ steps.meta.outputs.tags }}" + for tag in ${tags[@]}; do + cosign sign -y "${tag}@${{ steps.push-image.outputs.digest }}" + done diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml new file mode 100644 index 000000000..376b2a406 --- /dev/null +++ b/.github/workflows/pull_request.yml @@ -0,0 +1,39 @@ +name: pull request checks + +on: + pull_request: + branches: ['*'] + +jobs: + build-lint-test: + name: Build, lint, test + runs-on: ubuntu-latest + strategy: + matrix: + go: ['1.21','1.22'] + steps: + - name: install make + run: sudo apt-get install make + - name: set up go 1.x + uses: actions/setup-go@v3 + with: + go-version: ${{ matrix.go }} + - name: checkout + uses: actions/checkout@v3 + - name: check format + run: make fmt && git add -A && git diff --exit-code + - name: build, lint, test + run: make build lint test + - name: check clean vendors + run: go mod vendor + - name: Report coverage + if: ${{ matrix.go == '1.21' }} + uses: codecov/codecov-action@v4 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + with: + files: ./cover.out + flags: unittests + fail_ci_if_error: true + verbose: true + diff --git a/bundle/manifests/bpfman-agent-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/bpfman-agent-role_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 000000000..d3046c6b3 --- /dev/null +++ b/bundle/manifests/bpfman-agent-role_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,152 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: bpfman-agent-role +rules: +- apiGroups: + - bpfman.io + resources: + - bpfprograms + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - bpfman.io + resources: + - bpfprograms/finalizers + verbs: + - update +- apiGroups: + - bpfman.io + resources: + - bpfprograms/status + verbs: + - get + - patch + - update +- apiGroups: + - bpfman.io + resources: + - fentryprograms + verbs: + - get + - list + - watch +- apiGroups: + - bpfman.io + resources: + - fentryprograms/finalizers + verbs: + - update +- apiGroups: + - bpfman.io + resources: + - fexitprograms + verbs: + - get + - list + - watch +- apiGroups: + - bpfman.io + resources: + - fexityprograms/finalizers + verbs: + - update +- apiGroups: + - bpfman.io + resources: + - kprobeprograms + verbs: + - get + - list + - watch +- apiGroups: + - bpfman.io + resources: + - kprobeprograms/finalizers + verbs: + - update +- apiGroups: + - bpfman.io + resources: + - tcprograms + verbs: + - get + - list + - watch +- apiGroups: + - bpfman.io + resources: + - tcprograms/finalizers + verbs: + - update +- apiGroups: + - bpfman.io + resources: + - tracepointprograms + verbs: + - get + - list + - watch +- apiGroups: + - bpfman.io + resources: + - tracepointprograms/finalizers + verbs: + - update +- apiGroups: + - bpfman.io + resources: + - uprobeprograms + verbs: + - get + - list + - watch +- apiGroups: + - bpfman.io + resources: + - uprobeprograms/finalizers + verbs: + - update +- apiGroups: + - bpfman.io + resources: + - xdpprograms + verbs: + - get + - list + - watch +- apiGroups: + - bpfman.io + resources: + - xdpprograms/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get diff --git a/bundle/manifests/bpfman-agent-rolebinding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/bundle/manifests/bpfman-agent-rolebinding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml new file mode 100644 index 000000000..963dd0646 --- /dev/null +++ b/bundle/manifests/bpfman-agent-rolebinding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: bpfman-operator + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/part-of: bpfman-operator + name: bpfman-agent-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: bpfman-agent-role +subjects: +- kind: ServiceAccount + name: bpfman-daemon + namespace: openshift-bpfman diff --git a/bundle/manifests/bpfman-agent-rolebinding_rbac.authorization.k8s.io_v1_rolebinding.yaml b/bundle/manifests/bpfman-agent-rolebinding_rbac.authorization.k8s.io_v1_rolebinding.yaml new file mode 100644 index 000000000..b80b63153 --- /dev/null +++ b/bundle/manifests/bpfman-agent-rolebinding_rbac.authorization.k8s.io_v1_rolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: bpfman-operator + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: rolebinding + app.kubernetes.io/part-of: bpfman-operator + name: bpfman-agent-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: bpfman-agent-role +subjects: +- kind: ServiceAccount + name: bpfman-daemon + namespace: openshift-bpfman diff --git a/bundle/manifests/bpfman-bpfprogram-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/bpfman-bpfprogram-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 000000000..842a7197c --- /dev/null +++ b/bundle/manifests/bpfman-bpfprogram-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: bpfman-operator + app.kubernetes.io/instance: bpfprogram-editor-role + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: bpfman-operator + name: bpfman-bpfprogram-editor-role +rules: +- apiGroups: + - bpfman.io + resources: + - bpfprograms + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - bpfman.io + resources: + - bpfprograms/status + verbs: + - get diff --git a/bundle/manifests/bpfman-bpfprogram-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/bpfman-bpfprogram-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 000000000..c03d031bf --- /dev/null +++ b/bundle/manifests/bpfman-bpfprogram-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,27 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: bpfman-operator + app.kubernetes.io/instance: bpfprogram-viewer-role + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: bpfman-operator + name: bpfman-bpfprogram-viewer-role +rules: +- apiGroups: + - bpfman.io + resources: + - bpfprograms + verbs: + - get + - list + - watch +- apiGroups: + - bpfman.io + resources: + - bpfprograms/status + verbs: + - get diff --git a/bundle/manifests/bpfman-config_v1_configmap.yaml b/bundle/manifests/bpfman-config_v1_configmap.yaml new file mode 100644 index 000000000..6aebe908a --- /dev/null +++ b/bundle/manifests/bpfman-config_v1_configmap.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + bpfman.agent.healthprobe.addr: :8175 + bpfman.agent.image: quay.io/bpfman/bpfman-agent:latest + bpfman.agent.log.level: info + bpfman.agent.metric.addr: 127.0.0.1:8174 + bpfman.image: quay.io/bpfman/bpfman:latest + bpfman.log.level: info + bpfman.toml: | + [database] + max_retries = 30 + millisec_delay = 10000 +kind: ConfigMap +metadata: + name: bpfman-config diff --git a/bundle/manifests/bpfman-controller-manager-metrics-service_v1_service.yaml b/bundle/manifests/bpfman-controller-manager-metrics-service_v1_service.yaml new file mode 100644 index 000000000..e2241674a --- /dev/null +++ b/bundle/manifests/bpfman-controller-manager-metrics-service_v1_service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: bpfman-operator + app.kubernetes.io/instance: controller-manager-metrics-service + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: service + app.kubernetes.io/part-of: bpfman-operator + control-plane: controller-manager + name: bpfman-controller-manager-metrics-service +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +status: + loadBalancer: {} diff --git a/bundle/manifests/bpfman-daemon_v1_serviceaccount.yaml b/bundle/manifests/bpfman-daemon_v1_serviceaccount.yaml new file mode 100644 index 000000000..0f395d4dc --- /dev/null +++ b/bundle/manifests/bpfman-daemon_v1_serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + creationTimestamp: null + name: bpfman-daemon diff --git a/bundle/manifests/bpfman-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/bpfman-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 000000000..f896d00b8 --- /dev/null +++ b/bundle/manifests/bpfman-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: bpfman-operator + app.kubernetes.io/instance: metrics-reader + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: bpfman-operator + name: bpfman-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/bundle/manifests/bpfman-operator.clusterserviceversion.yaml b/bundle/manifests/bpfman-operator.clusterserviceversion.yaml new file mode 100644 index 000000000..5378c3ebc --- /dev/null +++ b/bundle/manifests/bpfman-operator.clusterserviceversion.yaml @@ -0,0 +1,1000 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "bpfman.io/v1alpha1", + "kind": "FentryProgram", + "metadata": { + "labels": { + "app.kubernetes.io/name": "fentryprogram" + }, + "name": "fentry-example" + }, + "spec": { + "bpffunctionname": "test_fentry", + "bytecode": { + "image": { + "url": "quay.io/bpfman-bytecode/fentry:latest" + } + }, + "func_name": "do_unlinkat", + "nodeselector": {} + } + }, + { + "apiVersion": "bpfman.io/v1alpha1", + "kind": "FexitProgram", + "metadata": { + "labels": { + "app.kubernetes.io/name": "fexitprogram" + }, + "name": "fexit-example" + }, + "spec": { + "bpffunctionname": "test_fexit", + "bytecode": { + "image": { + "url": "quay.io/bpfman-bytecode/fexit:latest" + } + }, + "func_name": "do_unlinkat", + "nodeselector": {} + } + }, + { + "apiVersion": "bpfman.io/v1alpha1", + "kind": "KprobeProgram", + "metadata": { + "labels": { + "app.kubernetes.io/name": "kprobeprogram" + }, + "name": "kprobe-example" + }, + "spec": { + "bpffunctionname": "my_kprobe", + "bytecode": { + "image": { + "url": "quay.io/bpfman-bytecode/kprobe:latest" + } + }, + "func_name": "try_to_wake_up", + "globaldata": { + "GLOBAL_u32": [ + 13, + 12, + 11, + 10 + ], + "GLOBAL_u8": [ + 1 + ] + }, + "nodeselector": {}, + "offset": 0, + "retprobe": false + } + }, + { + "apiVersion": "bpfman.io/v1alpha1", + "kind": "TcProgram", + "metadata": { + "labels": { + "app.kubernetes.io/name": "tcprogram" + }, + "name": "tc-pass-all-nodes" + }, + "spec": { + "bpffunctionname": "pass", + "bytecode": { + "image": { + "url": "quay.io/bpfman-bytecode/tc_pass:latest" + } + }, + "direction": "ingress", + "globaldata": { + "GLOBAL_u32": [ + 13, + 12, + 11, + 10 + ], + "GLOBAL_u8": [ + 1 + ] + }, + "interfaceselector": { + "primarynodeinterface": true + }, + "nodeselector": {}, + "priority": 0 + } + }, + { + "apiVersion": "bpfman.io/v1alpha1", + "kind": "TracepointProgram", + "metadata": { + "labels": { + "app.kubernetes.io/name": "tracepointprogram" + }, + "name": "tracepoint-example" + }, + "spec": { + "bpffunctionname": "enter_openat", + "bytecode": { + "image": { + "url": "quay.io/bpfman-bytecode/tracepoint:latest" + } + }, + "globaldata": { + "GLOBAL_u32": [ + 13, + 12, + 11, + 10 + ], + "GLOBAL_u8": [ + 1 + ] + }, + "names": [ + "syscalls/sys_enter_openat" + ], + "nodeselector": {} + } + }, + { + "apiVersion": "bpfman.io/v1alpha1", + "kind": "UprobeProgram", + "metadata": { + "labels": { + "app.kubernetes.io/name": "uprobeprogram" + }, + "name": "uprobe-example" + }, + "spec": { + "bpffunctionname": "my_uprobe", + "bytecode": { + "image": { + "url": "quay.io/bpfman-bytecode/uprobe:latest" + } + }, + "func_name": "syscall", + "globaldata": { + "GLOBAL_u32": [ + 13, + 12, + 11, + 10 + ], + "GLOBAL_u8": [ + 1 + ] + }, + "nodeselector": {}, + "retprobe": false, + "target": "libc" + } + }, + { + "apiVersion": "bpfman.io/v1alpha1", + "kind": "XdpProgram", + "metadata": { + "labels": { + "app.kubernetes.io/name": "xdpprogram" + }, + "name": "xdp-pass-all-nodes" + }, + "spec": { + "bpffunctionname": "pass", + "bytecode": { + "image": { + "url": "quay.io/bpfman-bytecode/xdp_pass:latest" + } + }, + "globaldata": { + "GLOBAL_u32": [ + 13, + 12, + 11, + 10 + ], + "GLOBAL_u8": [ + 1 + ] + }, + "interfaceselector": { + "primarynodeinterface": true + }, + "nodeselector": {}, + "priority": 0 + } + } + ] + capabilities: Basic Install + containerImage: quay.io/bpfman/bpfman-operator:v0.0.0 + createdAt: "2024-05-23T11:40:06Z" + operators.operatorframework.io/builder: operator-sdk-v1.27.0 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + repository: https://github.com/bpfman/bpfman + name: bpfman-operator.v0.4.1 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: BpfProgram is the Schema for the BpfProgram API + displayName: Bpf Program + kind: BpfProgram + name: bpfprograms.bpfman.io + version: v1alpha1 + - description: FentryProgram is the Schema for the Fentryprograms API + displayName: Fentry Program + kind: FentryProgram + name: fentryprograms.bpfman.io + version: v1alpha1 + - description: FexitProgram is the Schema for the Fexitprograms API + displayName: Fexit Program + kind: FexitProgram + name: fexitprograms.bpfman.io + version: v1alpha1 + - description: KprobeProgram is the Schema for the Kprobeprograms API + displayName: Kprobe Program + kind: KprobeProgram + name: kprobeprograms.bpfman.io + version: v1alpha1 + - description: TcProgram is the Schema for the Tcprograms API + displayName: Tc Program + kind: TcProgram + name: tcprograms.bpfman.io + version: v1alpha1 + - description: TracepointProgram is the Schema for the Tracepointprograms API + displayName: Tracepoint Program + kind: TracepointProgram + name: tracepointprograms.bpfman.io + version: v1alpha1 + - description: UprobeProgram is the Schema for the Uprobeprograms API + displayName: Uprobe Program + kind: UprobeProgram + name: uprobeprograms.bpfman.io + version: v1alpha1 + - description: XdpProgram is the Schema for the Xdpprograms API + displayName: Xdp Program + kind: XdpProgram + name: xdpprograms.bpfman.io + version: v1alpha1 + description: "The bpfman Operator is a Kubernetes Operator for deploying [bpfman](https://bpfman.netlify.app/), + a system daemon\nfor managing eBPF programs. It deploys bpfman itself along with + CRDs to make deploying\neBPF programs in Kubernetes much easier.\n\n## Quick Start\n\nTo + get bpfman up and running quickly with self signed certificates simply do \nthe + following.\n\n```bash\nkubectl create namespace openshift-bpfman\n```\n After + creating the namespace simply install the bpfman-operator in the desired namespace + from operator-hub\n## Configuration\n\nThe `bpfman-config` configmap is automatically + created in the `bpfman` namespace and used to configure the bpfman deployment.\n\nTo + edit the config simply run\n\n```bash\nkubectl edit cm bpfman-config\n```\n\nThe + following fields are adjustable\n\n- `bpfman.agent.image`: The image used for + the bpfman-agent, defaults to `quay.io/bpfman/bpfman-agent:latest`\n- `bpfman.image`: + The image used for bpfman, defaults to `quay.io/bpfman/bpfman:latest`\n- `bpfman.log.level`: + the log level for bpfman, currently supports `debug`, `info`, `warn`, `error`, + and `fatal`, defaults to `info`\n- `bpfman.agent.log.level`: the log level for + the bpfman-agent currently supports `info`, `debug`, and `trace` \n\nThe bpfman + operator deploys eBPF programs via CRDs. The following CRDs are currently available, + \n\n- XdpProgram\n- TcProgram\n- TracepointProgram\n- KprobeProgram\n- UprobeProgram\n- + FentryProgram\n- FexitProgram\n\n## More information\n\nPlease checkout the [bpfman + community website](https://bpfman.io/) for more information." + displayName: Bpfman Operator + icon: + - base64data: | + PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+Cjwh + RE9DVFlQRSBzdmcgUFVCTElDICItLy9XM0MvL0RURCBTVkcgMS4xLy9FTiIgImh0dHA6Ly93d3cu + dzMub3JnL0dyYXBoaWNzL1NWRy8xLjEvRFREL3N2ZzExLmR0ZCI+CjwhLS0gQ3JlYXRlZCB3aXRo + IFZlY3Rvcm5hdG9yIChodHRwOi8vdmVjdG9ybmF0b3IuaW8vKSAtLT4KPHN2ZyBoZWlnaHQ9IjEw + MCUiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIgc3R5bGU9ImZpbGwtcnVsZTpub256ZXJvO2NsaXAt + cnVsZTpldmVub2RkO3N0cm9rZS1saW5lY2FwOnJvdW5kO3N0cm9rZS1saW5lam9pbjpyb3VuZDsi + IHZlcnNpb249IjEuMSIgdmlld0JveD0iMCAwIDEwMjQgMTAyNCIgd2lkdGg9IjEwMCUiIHhtbDpz + cGFjZT0icHJlc2VydmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6 + dmVjdG9ybmF0b3I9Imh0dHA6Ly92ZWN0b3JuYXRvci5pbyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93 + d3cudzMub3JnLzE5OTkveGxpbmsiPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGdyYWRpZW50VHJh + bnNmb3JtPSJtYXRyaXgoMS40NTY4MyAxLjQ1NjgzIC0xLjQ1NjgzIDEuNDU2ODMgNzkxLjI0NCAt + NzA0LjEzMykiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIiBpZD0iTGluZWFyR3JhZGll + bnQiIHgxPSIzNjguNDYyIiB4Mj0iMjQyLjMzMSIgeTE9IjQyNy4wNTMiIHkyPSI1NTMuNjE0Ij4K + PHN0b3Agb2Zmc2V0PSIwLjQyMjU5MiIgc3RvcC1jb2xvcj0iIzMzMzEyYyIvPgo8c3RvcCBvZmZz + ZXQ9IjEiIHN0b3AtY29sb3I9IiNmM2M2MjIiLz4KPC9saW5lYXJHcmFkaWVudD4KPHBhdGggZD0i + TTQzNS4xMTMgNDQ4LjQxM0M0MzUuMTEzIDM3NS43MjMgNDkzLjc5MyAyNjguNjkyIDUxMS4yMDkg + MjY4LjY5MkM1MjguNjI1IDI2OC42OTIgNTg4Ljg3MyAzNzAuOTU3IDU4OC44NzMgNDQzLjY0NkM1 + ODguODczIDUxNi4zMzYgNTMyLjc4NSA2MDAuNzc3IDUxMS4yMDkgNjAwLjc3N0M0ODkuNjMzIDYw + MC43NzcgNDM1LjExMyA1MjEuMTAzIDQzNS4xMTMgNDQ4LjQxM1oiIGlkPSJGaWxsIi8+CjxwYXRo + IGQ9Ik00MzUuMTEzIDQ0OC40MTNDNDM1LjExMyAzNzUuNzIzIDQ5My43OTMgMjY4LjY5MiA1MTEu + MjA5IDI2OC42OTJDNTI4LjYyNSAyNjguNjkyIDU4OC44NzMgMzcwLjk1NyA1ODguODczIDQ0My42 + NDZDNTg4Ljg3MyA1MTYuMzM2IDUzMi43ODUgNjAwLjc3NyA1MTEuMjA5IDYwMC43NzdDNDg5LjYz + MyA2MDAuNzc3IDQzNS4xMTMgNTIxLjEwMyA0MzUuMTEzIDQ0OC40MTNaIiBpZD0iRmlsbF8yIi8+ + CjxwYXRoIGQ9Ik00MzUuMTEzIDQ0OC40MTNDNDM1LjExMyAzNzUuNzIzIDQ5My43OTMgMjY4LjY5 + MiA1MTEuMjA5IDI2OC42OTJDNTI4LjYyNSAyNjguNjkyIDU4OC44NzMgMzcwLjk1NyA1ODguODcz + IDQ0My42NDZDNTg4Ljg3MyA1MTYuMzM2IDUzMi43ODUgNjAwLjc3NyA1MTEuMjA5IDYwMC43NzdD + NDg5LjYzMyA2MDAuNzc3IDQzNS4xMTMgNTIxLjEwMyA0MzUuMTEzIDQ0OC40MTNaIiBpZD0iRmls + bF8zIi8+CjxwYXRoIGQ9Ik00MzUuMTIgMzY4LjgzOEM0MzUuMTIgMzY4LjgzOCA0NzQuMjE5IDM3 + OC4yNjMgNTEyLjAwNyAzNzguMzM1QzU0OS43OTYgMzc4LjQwNyA1ODguODggMzY5LjM4NSA1ODgu + ODggMzY5LjM4NSIgaWQ9IkZpbGxfNCIvPgo8L2RlZnM+CjxnIGlkPSJMYXllci0xIiB2ZWN0b3Ju + YXRvcjpsYXllck5hbWU9IkxheWVyIDEiPgo8ZyBvcGFjaXR5PSIxIiB2ZWN0b3JuYXRvcjpsYXll + ck5hbWU9Ikdyb3VwIDEyIj4KPHBhdGggZD0iTTE4Ni4yMzMgMzg3LjI3OEMxODYuMjMzIDIwNy4z + NjQgMzMyLjA4NCA2MS41MTM5IDUxMS45OTggNjEuNTEzOUM2OTEuOTE2IDYxLjUxMzkgODM3Ljc2 + NyAyMDcuMzY0IDgzNy43NjcgMzg3LjI3OEM4MzcuNzY3IDU2Ny4xOTMgNjkxLjkxNiA3MTMuMDQz + IDUxMS45OTggNzEzLjA0M0MzMzIuMDg0IDcxMy4wNDMgMTg2LjIzMyA1NjcuMTkzIDE4Ni4yMzMg + Mzg3LjI3OCIgZmlsbD0iI2YyOGYyMiIgZmlsbC1ydWxlPSJub256ZXJvIiBvcGFjaXR5PSIxIiBz + dHJva2U9Im5vbmUiIHZlY3Rvcm5hdG9yOmxheWVyTmFtZT0icGF0aCIvPgo8ZyBvcGFjaXR5PSIx + IiB2ZWN0b3JuYXRvcjpsYXllck5hbWU9Ikdyb3VwIDEzIj4KPHBhdGggZD0iTTIwMS4zMzEgNDg1 + LjQ4NUMyMDQuODQ3IDQ4MS41MzQgMjA4LjE4MiA0NzcuNTkzIDIxMS4yOTQgNDczLjY2QzI3MS4z + ODUgMzk3LjYzNiAyNDkuMTUgMzQzLjc2OSAxOTguMTU5IDI5OS45OTFDMTkwLjQ0MyAzMjcuNzg0 + IDE4Ni4yMzUgMzU3LjAzIDE4Ni4yMzUgMzg3LjI3N0MxODYuMjM1IDQyMS41MDkgMTkxLjU0NCA0 + NTQuNDkgMjAxLjMzMSA0ODUuNDg1IiBmaWxsPSIjZTBmMjIyIiBmaWxsLXJ1bGU9Im5vbnplcm8i + IG9wYWNpdHk9IjEiIHN0cm9rZT0ibm9uZSIgdmVjdG9ybmF0b3I6bGF5ZXJOYW1lPSJwYXRoIi8+ + CjxwYXRoIGQ9Ik00MjEuMTYzIDQwNS4wOThDNDQzLjY2IDMyMy4yNzkgMzQxLjE0MSAyNTIuNjQx + IDI0Ni4xNzkgMTk5LjA4QzIzOSAyMDkuMTk4IDIzMi4zNDIgMjE5LjcwMyAyMjYuMzM4IDIzMC42 + MjlDMzA5LjI2NSAyNzguMTY5IDM5MC43NjkgMzQyLjM1OSAzNTYuNjU0IDQyMy4zMDFDMzM0LjIy + NSA0NzYuNTA1IDI3OC43MTMgNTEzLjMwNyAyMzIuNzA4IDU1NS4wMDFDMjM4LjYxNCA1NjQuODE4 + IDI0NS4wMjcgNTc0LjI5MiAyNTEuOTA0IDU4My4zOTZDMzA5Ljk0NCA1MjQuODAxIDM5OS4zNTMg + NDg0LjQyNyA0MjEuMTYzIDQwNS4wOTgiIGZpbGw9IiNlMGYyMjIiIGZpbGwtcnVsZT0ibm9uemVy + byIgb3BhY2l0eT0iMSIgc3Ryb2tlPSJub25lIiB2ZWN0b3JuYXRvcjpsYXllck5hbWU9InBhdGgi + Lz4KPHBhdGggZD0iTTU5Ny45MjMgMzIzLjgwN0M2MjkuMjkyIDQ0Mi45OTkgNDU0LjQwMiA1MTku + MzQxIDM4OC45NiA1OTIuMzA1QzM2Ni4zMDQgNjE3LjU2NiAzNDguODAxIDYzOS4xODcgMzM5LjMw + NiA2NjMuNDY0QzM0OC43NTggNjY5LjM4NyAzNTguNTE1IDY3NC44NTggMzY4LjU4NiA2NzkuODAx + QzM3My43NzQgNjU2LjU2NSAzODQuNTUgNjMyLjg1MSA0MDIuODQgNjA4LjIzNUM0NzEuODAyIDUx + NS40MTcgNjUwLjg2NSA0NTUuNTg1IDYyNi4zMTMgMzE4LjkwM0M2MDcuNzE4IDIxNS4zODYgNDk4 + LjE3NiAxNjEuODQyIDQ2MS45MjQgNjUuMzQ5N0M0MzguOTk3IDY4Ljg4NzIgNDE2Ljg5NSA3NC44 + NzQ4IDM5NS44MDggODIuOTI5OEM0NDcuMzAxIDE3My44MTMgNTcwLjgyNiAyMjAuODQxIDU5Ny45 + MjMgMzIzLjgwNyIgZmlsbD0iI2UwZjIyMiIgZmlsbC1ydWxlPSJub256ZXJvIiBvcGFjaXR5PSIx + IiBzdHJva2U9Im5vbmUiIHZlY3Rvcm5hdG9yOmxheWVyTmFtZT0icGF0aCIvPgo8cGF0aCBkPSJN + NzA1LjQ4MSAzMDQuMzA1Qzc0MC4zNzkgNDYwLjIwOSA1MTkuNjMxIDUyMy4yNjUgNDQ2LjAyNiA2 + MzAuMzQ1QzQzMC40ODQgNjUyLjk0OSA0MjMuMDc4IDY3Ni4zNzEgNDIxLjI1OSA3MDAuMTQxQzQz + NC4zMjYgNzAzLjkyMyA0NDcuNjk4IDcwNi45NzUgNDYxLjM4NCA3MDkuMTExQzQ2Mi43NzIgNjg0 + LjQ2OSA0NjkuOCA2NjAuMjI2IDQ4NS4xMTUgNjM2Ljg4N0M1NTguODAxIDUyNC41ODUgNzg2Ljk3 + MiA0NjguMDg4IDc2MC4xMDggMzA4LjUxM0M3NDcuMzg1IDIzMi45MjcgNzAwLjQ0MyAxNzQuMzU0 + IDY3NS4zNDEgMTA1LjQ2NUM2NTAuMDI4IDkwLjc2MDggNjIyLjU5NiA3OS4yOTMgNTkzLjU0OSA3 + MS44MDUzQzYxOC4xODYgMTU1Ljg1OSA2ODUuNzY0IDIxNi4yMzcgNzA1LjQ4MSAzMDQuMzA1IiBm + aWxsPSIjZTBmMjIyIiBmaWxsLXJ1bGU9Im5vbnplcm8iIG9wYWNpdHk9IjEiIHN0cm9rZT0ibm9u + ZSIgdmVjdG9ybmF0b3I6bGF5ZXJOYW1lPSJwYXRoIi8+CjxwYXRoIGQ9Ik0zMjQuMzM5IDYxMS4y + MjNDMzgxLjUzNyA1MzUuNzk2IDU2My4wOCA0NjMuODc3IDU1Mi43MyAzNTIuNzQ4QzU0My41OTIg + MjU0LjY0OCA0MDIuNjYzIDE5NC4wNzYgMzE2LjE1NSAxMjYuOTYyQzMwNi40NDEgMTM0LjI4MiAy + OTcuMiAxNDIuMTc0IDI4OC4zNzUgMTUwLjUxM0MzODUuNjg1IDIxMS44NTQgNTE1Ljk3MSAyNzcu + NDc2IDUxMy40MzUgMzY1LjIzOUM1MTAuMDk5IDQ4MC42MzIgMzQ3LjM3NCA1MzMuNDMyIDI4NC44 + ODEgNjIwLjcxM0MyOTEuNzU0IDYyNy40MDIgMjk4Ljg5MyA2MzMuODEgMzA2LjMzNCA2MzkuODc1 + QzMxMS4xNzQgNjMwLjI4MSAzMTcuMTMxIDYyMC43MjYgMzI0LjMzOSA2MTEuMjIzIiBmaWxsPSIj + ZTBmMjIyIiBmaWxsLXJ1bGU9Im5vbnplcm8iIG9wYWNpdHk9IjEiIHN0cm9rZT0ibm9uZSIgdmVj + dG9ybmF0b3I6bGF5ZXJOYW1lPSJwYXRoIi8+CjxwYXRoIGQ9Ik02MzguNDgxIDYyOS41MjRDNjc3 + LjY2OCA1NjEuMTY0IDc1MS4wODggNTI2LjczOSA4MjEuNTI0IDQ4OC44NjZDODIzLjkxIDQ4MS41 + ODkgODI2LjA4NCA0NzQuMjE4IDgyNy45NjMgNDY2LjcyMUM3NTkuNDc4IDUxNC4zNjQgNjc2LjQy + NiA1NDcuODQzIDYyNC42NzkgNjE3LjQzM0M2MDQuOTcxIDY0My45MzYgNTk3Ljc2NyA2NzIuMTkz + IDU5OC41MTEgNzAxLjM0QzYwNi43MTYgNjk5LjA4NCA2MTQuODE0IDY5Ni41NzMgNjIyLjc0NCA2 + OTMuNzA2QzYyMi4yNzYgNjcxLjQ0NiA2MjYuNzkzIDY0OS45MDcgNjM4LjQ4MSA2MjkuNTI0IiBm + aWxsPSIjZTBmMjIyIiBmaWxsLXJ1bGU9Im5vbnplcm8iIG9wYWNpdHk9IjEiIHN0cm9rZT0ibm9u + ZSIgdmVjdG9ybmF0b3I6bGF5ZXJOYW1lPSJwYXRoIi8+CjxwYXRoIGQ9Ik02ODYuNDcxIDY0NC43 + NjRDNjgzLjU3OCA2NTEuNzQ0IDY4MS43IDY1OC44NjIgNjgwLjYxMiA2NjYuMDYyQzczMS43MzYg + NjM1LjA3NiA3NzMuNTgxIDU5MC4zODIgODAxLjIyNyA1MzcuMTI2Qzc0OS41NDkgNTY0LjQzMyA3 + MDYuMTc0IDU5Ny4yMjUgNjg2LjQ3MSA2NDQuNzY0IiBmaWxsPSIjZTBmMjIyIiBmaWxsLXJ1bGU9 + Im5vbnplcm8iIG9wYWNpdHk9IjEiIHN0cm9rZT0ibm9uZSIgdmVjdG9ybmF0b3I6bGF5ZXJOYW1l + PSJwYXRoIi8+CjxwYXRoIGQ9Ik04MzYuNjY2IDQxMi45MTlDODM3LjMyOCA0MDQuNDQ3IDgzNy43 + NjcgMzk1LjkxNSA4MzcuNzY3IDM4Ny4yOEM4MzcuNzY3IDM3MC42OCA4MzYuNTA3IDM1NC4zODEg + ODM0LjExMyAzMzguNDUxQzgyMi42OCA0NzIuMzY1IDYzNC41MjEgNTIwLjkyMyA1NjMuMzkzIDYy + MC4wNjhDNTQwLjY1OSA2NTEuNzU5IDUzMC41NjIgNjgyLjM3NiA1MjguNjE5IDcxMi42MjNDNTM4 + LjA0MSA3MTIuMTUgNTQ3LjMzNCA3MTEuMTk2IDU1Ni41MzMgNzA5LjkzN0M1NTcuNDc4IDY4Mi44 + MjMgNTY0Ljg1OCA2NTUuNTggNTgxLjg3MSA2MjguMDY3QzYzNy45ODEgNTM3LjMyNSA3NzQuNjg5 + IDQ5OC43MDUgODM2LjY2NiA0MTIuOTE5IiBmaWxsPSIjZTBmMjIyIiBmaWxsLXJ1bGU9Im5vbnpl + cm8iIG9wYWNpdHk9IjEiIHN0cm9rZT0ibm9uZSIgdmVjdG9ybmF0b3I6bGF5ZXJOYW1lPSJwYXRo + Ii8+CjwvZz4KPC9nPgo8ZyBvcGFjaXR5PSIxIiB2ZWN0b3JuYXRvcjpsYXllck5hbWU9Ikdyb3Vw + IDEzIj4KPHBhdGggZD0iTTQzNS4xMTMgNDQ4LjQxM0M0MzUuMTEzIDM3NS43MjMgNDkzLjc5MyAy + NjguNjkyIDUxMS4yMDkgMjY4LjY5MkM1MjguNjI1IDI2OC42OTIgNTg4Ljg3MyAzNzAuOTU3IDU4 + OC44NzMgNDQzLjY0NkM1ODguODczIDUxNi4zMzYgNTMyLjc4NSA2MDAuNzc3IDUxMS4yMDkgNjAw + Ljc3N0M0ODkuNjMzIDYwMC43NzcgNDM1LjExMyA1MjEuMTAzIDQzNS4xMTMgNDQ4LjQxM1oiIGZp + bGw9InVybCgjTGluZWFyR3JhZGllbnQpIiBmaWxsLXJ1bGU9Im5vbnplcm8iIG9wYWNpdHk9IjEi + IHN0cm9rZT0iIzMzMzEyYyIgc3Ryb2tlLWxpbmVjYXA9ImJ1dHQiIHN0cm9rZS1saW5lam9pbj0i + cm91bmQiIHN0cm9rZS13aWR0aD0iMjQuNDgxOSIgdmVjdG9ybmF0b3I6bGF5ZXJOYW1lPSJPdmFs + IDEiLz4KPHBhdGggZD0iTTQzOS4yMzMgMjY4LjY5MkM0MzkuMjMzIDI2OC42OTIgNDQxLjE1MiAx + OTUuOTMzIDUxMS45OTMgMTk1LjkzM0M1ODIuODM0IDE5NS45MzMgNTg0Ljc1MiAyNjguNjkyIDU4 + NC43NTIgMjY4LjY5Mkw0MzkuMjMzIDI2OC42OTJaIiBmaWxsPSIjZjNjNjIyIiBmaWxsLXJ1bGU9 + Im5vbnplcm8iIG9wYWNpdHk9IjEiIHN0cm9rZT0iIzMzMzEyYyIgc3Ryb2tlLWxpbmVjYXA9ImJ1 + dHQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiIHN0cm9rZS13aWR0aD0iMjQuNDgxOSIgdmVjdG9y + bmF0b3I6bGF5ZXJOYW1lPSJPdmFsIDIiLz4KPHBhdGggZD0iTTQ4MC4xODggMTk1LjkzM0M0ODAu + MTg4IDE5NS45MzMgNDY3LjUxOCAxNjYuMzQ1IDQ0Mi4zMjQgMTc1LjU1OCIgZmlsbD0ibm9uZSIg + b3BhY2l0eT0iMSIgc3Ryb2tlPSIjMzMzMTJjIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9r + ZS1saW5lam9pbj0icm91bmQiIHN0cm9rZS13aWR0aD0iMjQuNDgxOSIgdmVjdG9ybmF0b3I6bGF5 + ZXJOYW1lPSJDdXJ2ZSAyIi8+CjxwYXRoIGQ9Ik01NDUuMzM3IDE5NS45MzNDNTQ1LjMzNyAxOTUu + OTMzIDU1OC4wMDYgMTY2LjM0NSA1ODMuMjAxIDE3NS41NTgiIGZpbGw9Im5vbmUiIG9wYWNpdHk9 + IjEiIHN0cm9rZT0iIzMzMzEyYyIgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIiBzdHJva2UtbGluZWpv + aW49InJvdW5kIiBzdHJva2Utd2lkdGg9IjI0LjQ4MTkiIHZlY3Rvcm5hdG9yOmxheWVyTmFtZT0i + Q3VydmUgMyIvPgo8ZyBvcGFjaXR5PSIxIiB2ZWN0b3JuYXRvcjpsYXllck5hbWU9Ikdyb3VwIDIi + Pgo8dXNlIGZpbGw9Im5vbmUiIG9wYWNpdHk9IjEiIHN0cm9rZT0iI2YyYWMyMiIgc3Ryb2tlLWxp + bmVjYXA9ImJ1dHQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiIHN0cm9rZS13aWR0aD0iMjQuNDgx + OSIgdmVjdG9ybmF0b3I6bGF5ZXJOYW1lPSJPdmFsIDUiIHhsaW5rOmhyZWY9IiNGaWxsIi8+Cjxj + bGlwUGF0aCBjbGlwLXJ1bGU9Im5vbnplcm8iIGlkPSJDbGlwUGF0aCI+Cjx1c2UgeGxpbms6aHJl + Zj0iI0ZpbGwiLz4KPC9jbGlwUGF0aD4KPGcgY2xpcC1wYXRoPSJ1cmwoI0NsaXBQYXRoKSI+Cjxw + YXRoIGQ9Ik00MzUuMTEzIDQyNS4yMzhDNDM1LjExMyA0MjUuMjM4IDQ3NC4yMTIgNDM0LjY2MyA1 + MTIgNDM0LjczNUM1NDkuNzg4IDQzNC44MDcgNTg4Ljg3MyA0MjUuNzg1IDU4OC44NzMgNDI1Ljc4 + NSIgZmlsbD0ibm9uZSIgb3BhY2l0eT0iMSIgc3Ryb2tlPSIjZjJkZTIyIiBzdHJva2UtbGluZWNh + cD0iYnV0dCIgc3Ryb2tlLWxpbmVqb2luPSJtaXRlciIgc3Ryb2tlLXdpZHRoPSIyNC40ODE5IiB2 + ZWN0b3JuYXRvcjpsYXllck5hbWU9IkN1cnZlIDQiLz4KPC9nPgo8L2c+CjxnIG9wYWNpdHk9IjEi + IHZlY3Rvcm5hdG9yOmxheWVyTmFtZT0iR3JvdXAgMyI+Cjx1c2UgZmlsbD0ibm9uZSIgb3BhY2l0 + eT0iMSIgc3Ryb2tlPSIjZjNjNjIyIiBzdHJva2UtbGluZWNhcD0iYnV0dCIgc3Ryb2tlLWxpbmVq + b2luPSJyb3VuZCIgc3Ryb2tlLXdpZHRoPSIyNC40ODE5IiB2ZWN0b3JuYXRvcjpsYXllck5hbWU9 + Ik92YWwgNCIgeGxpbms6aHJlZj0iI0ZpbGxfMiIvPgo8Y2xpcFBhdGggY2xpcC1ydWxlPSJub256 + ZXJvIiBpZD0iQ2xpcFBhdGhfMiI+Cjx1c2UgeGxpbms6aHJlZj0iI0ZpbGxfMiIvPgo8L2NsaXBQ + YXRoPgo8ZyBjbGlwLXBhdGg9InVybCgjQ2xpcFBhdGhfMikiPgo8cGF0aCBkPSJNNDM5LjIzMyA0 + ODEuNjUzQzQzOS4yMzMgNDgxLjY1MyA0NzUuNjIgNDkzLjg5MiA1MTIgNDkzLjg5MkM1NDguMzgg + NDkzLjg5MiA1ODQuNzUyIDQ4MS42NTMgNTg0Ljc1MiA0ODEuNjUzIiBmaWxsPSJub25lIiBvcGFj + aXR5PSIxIiBzdHJva2U9IiNmM2M2MjIiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxp + bmVqb2luPSJtaXRlciIgc3Ryb2tlLXdpZHRoPSIyNC40ODE5IiB2ZWN0b3JuYXRvcjpsYXllck5h + bWU9IkN1cnZlIDUiLz4KPC9nPgo8L2c+CjxnIG9wYWNpdHk9IjEiIHZlY3Rvcm5hdG9yOmxheWVy + TmFtZT0iR3JvdXAgNCI+Cjx1c2UgZmlsbD0ibm9uZSIgb3BhY2l0eT0iMSIgc3Ryb2tlPSIjZjJk + ZTIyIiBzdHJva2UtbGluZWNhcD0iYnV0dCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIgc3Ryb2tl + LXdpZHRoPSIyNC40ODE5IiB2ZWN0b3JuYXRvcjpsYXllck5hbWU9Ik92YWwgMyIgeGxpbms6aHJl + Zj0iI0ZpbGxfMyIvPgo8Y2xpcFBhdGggY2xpcC1ydWxlPSJub256ZXJvIiBpZD0iQ2xpcFBhdGhf + MyI+Cjx1c2UgeGxpbms6aHJlZj0iI0ZpbGxfMyIvPgo8L2NsaXBQYXRoPgo8ZyBjbGlwLXBhdGg9 + InVybCgjQ2xpcFBhdGhfMykiPgo8cGF0aCBkPSJNNDYxLjI1NiA1NDAuMTc0QzQ2MS4yNTYgNTQw + LjE3NCA0ODcuNDU5IDU0OS41ODYgNTExLjk5MyA1NDkuNTIzQzUzNi41MjcgNTQ5LjQ2MSA1NTku + MzkxIDUzOS45MjUgNTU5LjM5MSA1MzkuOTI1IiBmaWxsPSJub25lIiBvcGFjaXR5PSIxIiBzdHJv + a2U9IiNmMmRlMjIiIHN0cm9rZS1saW5lY2FwPSJzcXVhcmUiIHN0cm9rZS1saW5lam9pbj0ibWl0 + ZXIiIHN0cm9rZS13aWR0aD0iMjQuNDgxOSIgdmVjdG9ybmF0b3I6bGF5ZXJOYW1lPSJDdXJ2ZSA2 + Ii8+CjwvZz4KPC9nPgo8ZyBvcGFjaXR5PSIxIiB2ZWN0b3JuYXRvcjpsYXllck5hbWU9Ikdyb3Vw + IDEiPgo8dXNlIGZpbGw9Im5vbmUiIG9wYWNpdHk9IjEiIHN0cm9rZT0iI2YzYzYyMiIgc3Ryb2tl + LWxpbmVjYXA9ImJ1dHQiIHN0cm9rZS1saW5lam9pbj0ibWl0ZXIiIHN0cm9rZS13aWR0aD0iMjQu + NDgxOSIgdmVjdG9ybmF0b3I6bGF5ZXJOYW1lPSJDdXJ2ZSA3IiB4bGluazpocmVmPSIjRmlsbF80 + Ii8+CjxjbGlwUGF0aCBjbGlwLXJ1bGU9Im5vbnplcm8iIGlkPSJDbGlwUGF0aF80Ij4KPHVzZSB4 + bGluazpocmVmPSIjRmlsbF80Ii8+CjwvY2xpcFBhdGg+CjxnIGNsaXAtcGF0aD0idXJsKCNDbGlw + UGF0aF80KSI+CjxwYXRoIGQ9Ik00MzUuMTEzIDQ0OC40MTNDNDM1LjExMyAzNzUuNzIzIDQ5My43 + OTMgMjY4LjY5MiA1MTEuMjA5IDI2OC42OTJDNTI4LjYyNSAyNjguNjkyIDU4OC44NzMgMzcwLjk1 + NyA1ODguODczIDQ0My42NDZDNTg4Ljg3MyA1MTYuMzM2IDUzMi43ODUgNjAwLjc3NyA1MTEuMjA5 + IDYwMC43NzdDNDg5LjYzMyA2MDAuNzc3IDQzNS4xMTMgNTIxLjEwMyA0MzUuMTEzIDQ0OC40MTNa + IiBmaWxsPSJub25lIiBvcGFjaXR5PSIxIiBzdHJva2U9IiNmM2M2MjIiIHN0cm9rZS1saW5lY2Fw + PSJidXR0IiBzdHJva2UtbGluZWpvaW49InJvdW5kIiBzdHJva2Utd2lkdGg9IjI0LjQ4MTkiIHZl + Y3Rvcm5hdG9yOmxheWVyTmFtZT0iT3ZhbCA0Ii8+CjwvZz4KPC9nPgo8cGF0aCBkPSJNNDM1LjEx + MyA0NDguNDEzQzQzNS4xMTMgMzc1LjcyMyA0OTMuNzkzIDI2OC42OTIgNTExLjIwOSAyNjguNjky + QzUyOC42MjUgMjY4LjY5MiA1ODguODczIDM3MC45NTcgNTg4Ljg3MyA0NDMuNjQ2QzU4OC44NzMg + NTE2LjMzNiA1MzIuNzg1IDYwMC43NzcgNTExLjIwOSA2MDAuNzc3QzQ4OS42MzMgNjAwLjc3NyA0 + MzUuMTEzIDUyMS4xMDMgNDM1LjExMyA0NDguNDEzWiIgZmlsbD0ibm9uZSIgb3BhY2l0eT0iMSIg + c3Ryb2tlPSIjMzMzMTJjIiBzdHJva2UtbGluZWNhcD0iYnV0dCIgc3Ryb2tlLWxpbmVqb2luPSJy + b3VuZCIgc3Ryb2tlLXdpZHRoPSIyNC40ODE5IiB2ZWN0b3JuYXRvcjpsYXllck5hbWU9Ik92YWwg + MyIvPgo8cGF0aCBkPSJNNDkwLjQ1MyAyNjkuNDQ2QzQ1MC4xMjUgMjY5LjgwMyAzNjEuNTgxIDI4 + NS40MjggMjk4LjI2OSAzMjUuNTU2QzE5NS4wNDcgMzkwLjk3OCAyNjQuMjI0IDQ2OS4wODkgMzI2 + LjIxMSA0NjguMjI5QzQyMi4xODYgNDY2Ljg5NyA1MTEuOTg5IDMwMC4yNjIgNTExLjk4OSAyNzMu + ODU2QzUxMS45ODkgMjcyLjExMiA1MDkuMTIgMjcwLjgzOSA1MDMuOTYxIDI3MC4xMkM1MDAuNDU1 + IDI2OS42MzEgNDk1Ljg5MiAyNjkuMzk4IDQ5MC40NTMgMjY5LjQ0NlpNNTExLjk4OSAyNzMuODU2 + QzUxMS45ODkgMzAwLjI2MiA2MDEuNzkyIDQ2Ni44OTcgNjk3Ljc2NyA0NjguMjI5Qzc1OS43NTQg + NDY5LjA4OSA4MjguOTYzIDM5MC45NzggNzI1Ljc0MSAzMjUuNTU2QzY1NC4yMzkgMjgwLjIzNyA1 + NTAuNTA5IDI2Ni4xOTIgNTIwLjQ0NSAyNzAuMDc2QzUxNS4wMTYgMjcwLjc3NyA1MTEuOTg5IDI3 + Mi4wNjQgNTExLjk4OSAyNzMuODU2WiIgZmlsbD0iI2ZmZmZmZiIgZmlsbC1ydWxlPSJub256ZXJv + IiBvcGFjaXR5PSIxIiBzdHJva2U9IiMzMzMxMmMiIHN0cm9rZS1saW5lY2FwPSJidXR0IiBzdHJv + a2UtbGluZWpvaW49InJvdW5kIiBzdHJva2Utd2lkdGg9IjI0LjQ4MTkiIHZlY3Rvcm5hdG9yOmxh + eWVyTmFtZT0iQ3VydmUgMSIvPgo8L2c+CjxnIG9wYWNpdHk9IjEiIHZlY3Rvcm5hdG9yOmxheWVy + TmFtZT0iR3JvdXAgMTQiPgo8cGF0aCBkPSJNMTU0LjkxOSA5MjQuNTMzQzE0NS4zOTQgOTI0LjUz + MyAxMzcuMTYxIDkyMi41MTcgMTMwLjIyMSA5MTguNDg1QzEyMy4yOCA5MTQuNDU0IDExNy45Njkg + OTA4LjI2NCAxMTQuMjg2IDg5OS45MThDMTEwLjYwMyA4OTEuNTcxIDEwOC43NjEgODgwLjk5MiAx + MDguNzYxIDg2OC4xODJDMTA4Ljc2MSA4NTUuMzQzIDExMC42ODQgODQ0Ljc4NCAxMTQuNTMxIDgz + Ni41MDZDMTE4LjM3NyA4MjguMjI4IDEyMy43ODQgODIyLjA2IDEzMC43NTEgODE4LjAwMkMxMzcu + NzE4IDgxMy45NDQgMTQ1Ljc3NCA4MTEuOTE0IDE1NC45MTkgODExLjkxNEMxNjUuMjY1IDgxMS45 + MTQgMTc0LjU1MSA4MTQuMjIyIDE4Mi43NzggODE4LjgzN0MxOTEuMDA1IDgyMy40NTIgMTk3LjUy + IDgyOS45NjcgMjAyLjMyNCA4MzguMzgxQzIwNy4xMjggODQ2Ljc5NiAyMDkuNTMgODU2LjczIDIw + OS41MyA4NjguMTgyQzIwOS41MyA4NzkuNjM1IDIwNy4xMjggODg5LjU2OSAyMDIuMzI0IDg5Ny45 + ODNDMTk3LjUyIDkwNi4zOTggMTkxLjAwNSA5MTIuOTI3IDE4Mi43NzggOTE3LjU2OUMxNzQuNTUx + IDkyMi4yMTIgMTY1LjI2NSA5MjQuNTMzIDE1NC45MTkgOTI0LjUzM1pNOTAuMzA5NyA5MjIuOTg3 + TDkwLjMwOTcgNzcxLjkxM0wxMjIuMDcyIDc3MS45MTNMMTIyLjA3MiA4MzUuNTcxTDEyMC4wMzYg + ODY4LjA1OEwxMjAuNTcgOTAwLjU0OUwxMjAuNTcgOTIyLjk4N0w5MC4zMDk3IDkyMi45ODdaTTE0 + OS40NTQgODk4LjUyNkMxNTQuNzMgODk4LjUyNiAxNTkuNDYzIDg5Ny4zMjIgMTYzLjY1MiA4OTQu + OTE1QzE2Ny44NDEgODkyLjUwOCAxNzEuMTc5IDg4OS4wMDcgMTczLjY2OCA4ODQuNDEyQzE3Ni4x + NTcgODc5LjgxNyAxNzcuNDAxIDg3NC40MDcgMTc3LjQwMSA4NjguMTgyQzE3Ny40MDEgODYxLjgy + MiAxNzYuMTU3IDg1Ni4zOTEgMTczLjY2OCA4NTEuODkxQzE3MS4xNzkgODQ3LjM5IDE2Ny44NDEg + ODQzLjkzNyAxNjMuNjUyIDg0MS41MjlDMTU5LjQ2MyA4MzkuMTIyIDE1NC43MyA4MzcuOTE5IDE0 + OS40NTQgODM3LjkxOUMxNDQuMTc3IDgzNy45MTkgMTM5LjQ0NCA4MzkuMTIyIDEzNS4yNTQgODQx + LjUyOUMxMzEuMDY0IDg0My45MzcgMTI3LjcyNSA4NDcuMzkgMTI1LjIzNiA4NTEuODkxQzEyMi43 + NDcgODU2LjM5MSAxMjEuNTAzIDg2MS44MjIgMTIxLjUwMyA4NjguMTgyQzEyMS41MDMgODc0LjQw + NyAxMjIuNzQ3IDg3OS44MTcgMTI1LjIzNiA4ODQuNDEyQzEyNy43MjUgODg5LjAwNyAxMzEuMDY0 + IDg5Mi41MDggMTM1LjI1NCA4OTQuOTE1QzEzOS40NDQgODk3LjMyMiAxNDQuMTc3IDg5OC41MjYg + MTQ5LjQ1NCA4OTguNTI2WiIgZmlsbD0iI2YzYzYyMiIgZmlsbC1ydWxlPSJub256ZXJvIiBvcGFj + aXR5PSIxIiBzdHJva2U9Im5vbmUiLz4KPHBhdGggZD0iTTI5NS40NzYgOTI0LjUzM0MyODYuMzMx + IDkyNC41MzMgMjc4LjI3NSA5MjIuNTA0IDI3MS4zMDggOTE4LjQ0NkMyNjQuMzQxIDkxNC4zODcg + MjU4LjkzNCA5MDguMTk4IDI1NS4wODggODk5Ljg3OEMyNTEuMjQyIDg5MS41NTggMjQ5LjMxOSA4 + ODEuMDE5IDI0OS4zMTkgODY4LjI2MkMyNDkuMzE5IDg1NS4zMTYgMjUxLjE2IDg0NC43MDQgMjU0 + Ljg0MyA4MzYuNDI1QzI1OC41MjYgODI4LjE0NiAyNjMuODM4IDgyMS45OTEgMjcwLjc3OCA4MTcu + OTYxQzI3Ny43MTkgODEzLjkzIDI4NS45NTEgODExLjkxNCAyOTUuNDc2IDgxMS45MTRDMzA1Ljgy + MiA4MTEuOTE0IDMxNS4xMDggODE0LjIzNSAzMjMuMzM1IDgxOC44NzdDMzMxLjU2MiA4MjMuNTE4 + IDMzOC4wNzcgODMwLjA0NiAzNDIuODgxIDgzOC40NjFDMzQ3LjY4NSA4NDYuODc2IDM1MC4wODcg + ODU2LjgwOSAzNTAuMDg3IDg2OC4yNjJDMzUwLjA4NyA4NzkuNzE3IDM0Ny42ODUgODg5LjY1MSAz + NDIuODgxIDg5OC4wNjZDMzM4LjA3NyA5MDYuNDgxIDMzMS41NjIgOTEyLjk5NSAzMjMuMzM1IDkx + Ny42MUMzMTUuMTA4IDkyMi4yMjUgMzA1LjgyMiA5MjQuNTMzIDI5NS40NzYgOTI0LjUzM1pNMjMw + Ljg2NyA5NjIuNDg2TDIzMC44NjcgODEzLjQ1N0wyNjEuMTI4IDgxMy40NTdMMjYxLjEyOCA4MzUu + ODk1TDI2MC41OTMgODY4LjM4NkwyNjIuNjI5IDkwMC44NzdMMjYyLjYyOSA5NjIuNDg2TDIzMC44 + NjcgOTYyLjQ4NlpNMjkwLjAxMSA4OTguNTI2QzI5NS4yODggODk4LjUyNiAzMDAuMDIgODk3LjMy + MiAzMDQuMjA5IDg5NC45MTVDMzA4LjM5OCA4OTIuNTA4IDMxMS43MzYgODg5LjAyIDMxNC4yMjUg + ODg0LjQ1MkMzMTYuNzE0IDg3OS44ODMgMzE3Ljk1OSA4NzQuNDg3IDMxNy45NTkgODY4LjI2MkMz + MTcuOTU5IDg2MS45MDEgMzE2LjcxNCA4NTYuNDU4IDMxNC4yMjUgODUxLjkzMUMzMTEuNzM2IDg0 + Ny40MDQgMzA4LjM5OCA4NDMuOTM3IDMwNC4yMDkgODQxLjUyOUMzMDAuMDIgODM5LjEyMiAyOTUu + Mjg4IDgzNy45MTkgMjkwLjAxMSA4MzcuOTE5QzI4NC43MzQgODM3LjkxOSAyODAuMDAxIDgzOS4x + MjIgMjc1LjgxMSA4NDEuNTI5QzI3MS42MjEgODQzLjkzNyAyNjguMjgyIDg0Ny40MDQgMjY1Ljc5 + MyA4NTEuOTMxQzI2My4zMDQgODU2LjQ1OCAyNjIuMDYgODYxLjkwMSAyNjIuMDYgODY4LjI2MkMy + NjIuMDYgODc0LjQ4NyAyNjMuMzA0IDg3OS44ODMgMjY1Ljc5MyA4ODQuNDUyQzI2OC4yODIgODg5 + LjAyIDI3MS42MjEgODkyLjUwOCAyNzUuODExIDg5NC45MTVDMjgwLjAwMSA4OTcuMzIyIDI4NC43 + MzQgODk4LjUyNiAyOTAuMDExIDg5OC41MjZaIiBmaWxsPSIjZjNjNjIyIiBmaWxsLXJ1bGU9Im5v + bnplcm8iIG9wYWNpdHk9IjEiIHN0cm9rZT0ibm9uZSIvPgo8cGF0aCBkPSJNMzc1LjI4NiA5MjIu + OTg3TDM3NS4yODYgODEwLjk3QzM3NS4yODYgNzk4LjYzIDM3OC45NDEgNzg4Ljc3OCAzODYuMjQ5 + IDc4MS40MTRDMzkzLjU1OCA3NzQuMDQ5IDQwNC4wMDYgNzcwLjM2NiA0MTcuNTk1IDc3MC4zNjZD + NDIyLjE1MiA3NzAuMzY2IDQyNi41ODEgNzcwLjgyOCA0MzAuODggNzcxLjc1MkM0MzUuMTc5IDc3 + Mi42NzYgNDM4LjgyIDc3NC4xMjkgNDQxLjgwNCA3NzYuMTEyTDQzMy41MTQgNzk5LjExQzQzMS43 + NzUgNzk3LjkzOSA0MjkuNzk4IDc5NyA0MjcuNTgyIDc5Ni4yOTNDNDI1LjM2NyA3OTUuNTg1IDQy + My4wNjMgNzk1LjIzMiA0MjAuNjcxIDc5NS4yMzJDNDE2LjAyMiA3OTUuMjMyIDQxMi40MzMgNzk2 + LjU1NyA0MDkuOTA1IDc5OS4yMDhDNDA3LjM3NyA4MDEuODU5IDQwNi4xMTMgODA1Ljg3NCA0MDYu + MTEzIDgxMS4yNTNMNDA2LjExMyA4MjEuNDYyTDQwNy4wNDkgODM1LjExNkw0MDcuMDQ5IDkyMi45 + ODdMMzc1LjI4NiA5MjIuOTg3Wk0zNTguMjk1IDg0MC4yNkwzNTguMjk1IDgxNS44ODJMNDM0LjI3 + NCA4MTUuODgyTDQzNC4yNzQgODQwLjI2TDM1OC4yOTUgODQwLjI2WiIgZmlsbD0iI2YzYzYyMiIg + ZmlsbC1ydWxlPSJub256ZXJvIiBvcGFjaXR5PSIxIiBzdHJva2U9Im5vbmUiLz4KPC9nPgo8ZyBv + cGFjaXR5PSIxIiB2ZWN0b3JuYXRvcjpsYXllck5hbWU9Ikdyb3VwIDE1Ij4KPHBhdGggZD0iTTYy + Mi45MDYgODExLjkxNEM2MzEuNTY4IDgxMS45MTQgNjM5LjI1OCA4MTMuNjI0IDY0NS45NzcgODE3 + LjA0NEM2NTIuNjk2IDgyMC40NjQgNjU3Ljk2OSA4MjUuNzM3IDY2MS43OTYgODMyLjg2MkM2NjUu + NjIzIDgzOS45ODcgNjY3LjUzNyA4NDkuMTQgNjY3LjUzNyA4NjAuMzIxTDY2Ny41MzcgOTIyLjk4 + N0w2MzUuNzc1IDkyMi45ODdMNjM1Ljc3NSA4NjUuMDY4QzYzNS43NzUgODU2LjI2MiA2MzMuOTQ1 + IDg0OS43NjUgNjMwLjI4NyA4NDUuNTc4QzYyNi42MjggODQxLjM5IDYyMS41MzMgODM5LjI5NiA2 + MTUuMDAxIDgzOS4yOTZDNjEwLjMyIDgzOS4yOTYgNjA2LjE1NyA4NDAuMzQzIDYwMi41MTEgODQy + LjQzOEM1OTguODY1IDg0NC41MzIgNTk2LjAyOSA4NDcuNjczIDU5NC4wMDMgODUxLjg2MUM1OTEu + OTc2IDg1Ni4wNDggNTkwLjk2MyA4NjEuNDMyIDU5MC45NjMgODY4LjAxMUw1OTAuOTYzIDkyMi45 + ODdMNTU5LjE5NyA5MjIuOTg3TDU1OS4xOTcgODY1LjA2OEM1NTkuMTk3IDg1Ni4yNjIgNTU3LjM5 + NSA4NDkuNzY1IDU1My43OTEgODQ1LjU3OEM1NTAuMTg2IDg0MS4zOSA1NDUuMDY0IDgzOS4yOTYg + NTM4LjQyMyA4MzkuMjk2QzUzMy43NDUgODM5LjI5NiA1MjkuNTgyIDg0MC4zNDMgNTI1LjkzNSA4 + NDIuNDM4QzUyMi4yODggODQ0LjUzMiA1MTkuNDUyIDg0Ny42NzMgNTE3LjQyNSA4NTEuODYxQzUx + NS4zOTkgODU2LjA0OCA1MTQuMzg1IDg2MS40MzIgNTE0LjM4NSA4NjguMDExTDUxNC4zODUgOTIy + Ljk4N0w0ODIuNjIzIDkyMi45ODdMNDgyLjYyMyA4MTMuNDU3TDUxMi44ODQgODEzLjQ1N0w1MTIu + ODg0IDg0My4zMzZMNTA3LjExOSA4MzQuNjIzQzUxMC45MTggODI3LjE4OSA1MTYuMzI1IDgyMS41 + NDYgNTIzLjM0MiA4MTcuNjkzQzUzMC4zNTkgODEzLjg0MSA1MzguMzM0IDgxMS45MTQgNTQ3LjI2 + NyA4MTEuOTE0QzU1Ny4yODYgODExLjkxNCA1NjYuMDYzIDgxNC40MzkgNTczLjU5NiA4MTkuNDg4 + QzU4MS4xMjkgODI0LjUzNiA1ODYuMTQ0IDgzMi4zMTIgNTg4LjY0IDg0Mi44MTVMNTc3LjQyIDgz + OS43MTZDNTgxLjA4MSA4MzEuMjI0IDU4Ni45MzYgODI0LjQ2NyA1OTQuOTg3IDgxOS40NDZDNjAz + LjAzOCA4MTQuNDI1IDYxMi4zNDQgODExLjkxNCA2MjIuOTA2IDgxMS45MTRaIiBmaWxsPSIjOTk5 + OTk5IiBmaWxsLXJ1bGU9Im5vbnplcm8iIG9wYWNpdHk9IjEiIHN0cm9rZT0ibm9uZSIvPgo8cGF0 + aCBkPSJNNzYzLjIzOCA5MjIuOTg3TDc2My4yMzggOTAxLjY0TDc2MS4zMzMgODk2LjgzNkw3NjEu + MzMzIDg1OC42MzhDNzYxLjMzMyA4NTEuODE2IDc1OS4yNiA4NDYuNTI5IDc1NS4xMTUgODQyLjc3 + OEM3NTAuOTY5IDgzOS4wMjcgNzQ0LjU5MSA4MzcuMTUyIDczNS45ODEgODM3LjE1MkM3MzAuMjIg + ODM3LjE1MiA3MjQuNTE2IDgzOC4wNTUgNzE4Ljg2NyA4MzkuODYxQzcxMy4yMTggODQxLjY2NyA3 + MDguMzk3IDg0NC4xMzIgNzA0LjQwMyA4NDcuMjU2TDY5My4wNjIgODI1LjE1MkM2OTkuMDg1IDgy + MC44MzQgNzA2LjI5NiA4MTcuNTQ4IDcxNC42OTQgODE1LjI5NUM3MjMuMDkzIDgxMy4wNDEgNzMx + LjYzNiA4MTEuOTE0IDc0MC4zMjMgODExLjkxNEM3NTcuMDg3IDgxMS45MTQgNzcwLjA3MyA4MTUu + ODQyIDc3OS4yODIgODIzLjY5NkM3ODguNDkgODMxLjU1MSA3OTMuMDk1IDg0My43OTMgNzkzLjA5 + NSA4NjAuNDIzTDc5My4wOTUgOTIyLjk4N0w3NjMuMjM4IDkyMi45ODdaTTcyOS45NTggOTI0LjUz + M0M3MjEuNDM5IDkyNC41MzMgNzE0LjEyNSA5MjMuMDk1IDcwOC4wMTcgOTIwLjIxOEM3MDEuOTA5 + IDkxNy4zNDEgNjk3LjIzMiA5MTMuMzkyIDY5My45ODcgOTA4LjM3QzY5MC43NDIgOTAzLjM0OSA2 + ODkuMTIgODk3LjY5IDY4OS4xMiA4OTEuMzkzQzY4OS4xMiA4ODQuOTM3IDY5MC43MDYgODc5LjI1 + OSA2OTMuODc5IDg3NC4zNTlDNjk3LjA1MiA4NjkuNDU5IDcwMi4wOTggODY1LjYxNyA3MDkuMDE3 + IDg2Mi44MzNDNzE1LjkzNyA4NjAuMDQ5IDcyNC45NjEgODU4LjY1OCA3MzYuMDg5IDg1OC42NThM + NzY1LjA3NCA4NTguNjU4TDc2NS4wNzQgODc3LjE2Nkw3MzkuNjExIDg3Ny4xNjZDNzMyLjEwMyA4 + NzcuMTY2IDcyNi45NjMgODc4LjM3NyA3MjQuMTkxIDg4MC43OThDNzIxLjQxOSA4ODMuMjE5IDcy + MC4wMzMgODg2LjMxOCA3MjAuMDMzIDg5MC4wOTVDNzIwLjAzMyA4OTQuMDY2IDcyMS42MTEgODk3 + LjI0NyA3MjQuNzY3IDg5OS42NDFDNzI3LjkyMiA5MDIuMDM0IDczMi4yNjIgOTAzLjIzMSA3Mzcu + Nzg0IDkwMy4yMzFDNzQzLjExOCA5MDMuMjMxIDc0Ny45MDcgOTAxLjk5MyA3NTIuMTUxIDg5OS41 + MThDNzU2LjM5NSA4OTcuMDQzIDc1OS40NTYgODkzLjMxOCA3NjEuMzMzIDg4OC4zNDJMNzY2LjEz + IDkwMy4wOTFDNzYzLjg3NSA5MTAuMDYgNzU5LjY5MyA5MTUuMzc2IDc1My41ODEgOTE5LjAzOUM3 + NDcuNDcgOTIyLjcwMiA3MzkuNTk2IDkyNC41MzMgNzI5Ljk1OCA5MjQuNTMzWiIgZmlsbD0iIzk5 + OTk5OSIgZmlsbC1ydWxlPSJub256ZXJvIiBvcGFjaXR5PSIxIiBzdHJva2U9Im5vbmUiLz4KPHBh + dGggZD0iTTg4OC4yMDcgODExLjkxNEM4OTYuOTIyIDgxMS45MTQgOTA0LjY5OSA4MTMuNjI0IDkx + MS41NCA4MTcuMDQ0QzkxOC4zODEgODIwLjQ2NCA5MjMuNzgzIDgyNS43MzcgOTI3Ljc0NiA4MzIu + ODYyQzkzMS43MDkgODM5Ljk4NyA5MzMuNjkgODQ5LjE0IDkzMy42OSA4NjAuMzIxTDkzMy42OSA5 + MjIuOTg3TDkwMS45MjggOTIyLjk4N0w5MDEuOTI4IDg2NS4wNjhDOTAxLjkyOCA4NTYuMjYyIDg5 + OS45OSA4NDkuNzY1IDg5Ni4xMTMgODQ1LjU3OEM4OTIuMjM2IDg0MS4zOSA4ODYuODAxIDgzOS4y + OTYgODc5LjgwOCA4MzkuMjk2Qzg3NC43MiA4MzkuMjk2IDg3MC4xNzcgODQwLjM1NiA4NjYuMTgg + ODQyLjQ3N0M4NjIuMTgyIDg0NC41OTggODU5LjA3NSA4NDcuODIgODU2Ljg1OCA4NTIuMTQyQzg1 + NC42NDIgODU2LjQ2NSA4NTMuNTM0IDg2Mi4wMjMgODUzLjUzNCA4NjguODE5TDg1My41MzQgOTIy + Ljk4N0w4MjEuNzcyIDkyMi45ODdMODIxLjc3MiA4MTMuNDU3TDg1Mi4wMzIgODEzLjQ1N0w4NTIu + MDMyIDg0My44MjNMODQ2LjM0NyA4MzQuNzAyQzg1MC4yODEgODI3LjI3MSA4NTUuOTA3IDgyMS42 + MTUgODYzLjIyMyA4MTcuNzM1Qzg3MC41MzkgODEzLjg1NSA4NzguODY3IDgxMS45MTQgODg4LjIw + NyA4MTEuOTE0WiIgZmlsbD0iIzk5OTk5OSIgZmlsbC1ydWxlPSJub256ZXJvIiBvcGFjaXR5PSIx + IiBzdHJva2U9Im5vbmUiLz4KPC9nPgo8L2c+Cjwvc3ZnPgo= + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - bpfman.io + resources: + - bpfprograms + verbs: + - get + - list + - watch + - apiGroups: + - bpfman.io + resources: + - configmaps/finalizers + verbs: + - update + - apiGroups: + - bpfman.io + resources: + - fentryprograms + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - bpfman.io + resources: + - fentryprograms/finalizers + verbs: + - update + - apiGroups: + - bpfman.io + resources: + - fentryprograms/status + verbs: + - get + - patch + - update + - apiGroups: + - bpfman.io + resources: + - fexitprograms + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - bpfman.io + resources: + - fexitprograms/finalizers + verbs: + - update + - apiGroups: + - bpfman.io + resources: + - fexitprograms/status + verbs: + - get + - patch + - update + - apiGroups: + - bpfman.io + resources: + - kprobeprograms + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - bpfman.io + resources: + - kprobeprograms/finalizers + verbs: + - update + - apiGroups: + - bpfman.io + resources: + - kprobeprograms/status + verbs: + - get + - patch + - update + - apiGroups: + - bpfman.io + resources: + - tcprograms + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - bpfman.io + resources: + - tcprograms/finalizers + verbs: + - update + - apiGroups: + - bpfman.io + resources: + - tcprograms/status + verbs: + - get + - patch + - update + - apiGroups: + - bpfman.io + resources: + - tracepointprograms + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - bpfman.io + resources: + - tracepointprograms/finalizers + verbs: + - update + - apiGroups: + - bpfman.io + resources: + - tracepointprograms/status + verbs: + - get + - patch + - update + - apiGroups: + - bpfman.io + resources: + - uprobeprograms + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - bpfman.io + resources: + - uprobeprograms/finalizers + verbs: + - update + - apiGroups: + - bpfman.io + resources: + - uprobeprograms/status + verbs: + - get + - patch + - update + - apiGroups: + - bpfman.io + resources: + - xdpprograms + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - bpfman.io + resources: + - xdpprograms/finalizers + verbs: + - update + - apiGroups: + - bpfman.io + resources: + - xdpprograms/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: bpfman-operator + deployments: + - label: + app.kubernetes.io/component: manager + app.kubernetes.io/created-by: bpfman-operator + app.kubernetes.io/instance: controller-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: deployment + app.kubernetes.io/part-of: bpfman-operator + control-plane: controller-manager + name: bpfman-operator + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - ppc64le + - s390x + - key: kubernetes.io/os + operator: In + values: + - linux + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8174/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - args: + - --health-probe-bind-address=:8175 + - --metrics-bind-address=127.0.0.1:8174 + - --leader-elect + command: + - /bpfman-operator + env: + - name: GO_LOG + value: debug + image: quay.io/bpfman/bpfman-operator:latest + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: 8175 + initialDelaySeconds: 15 + periodSeconds: 20 + name: bpfman-operator + readinessProbe: + httpGet: + path: /readyz + port: 8175 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + serviceAccountName: bpfman-operator + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: bpfman-operator + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - ebpf + - kubernetes + links: + - name: bpfman website + url: https://bpfman.io/ + maintainers: + - email: astoycos@redhat.com + name: Andrew Stoycos + maturity: alpha + provider: + name: The bpfman Community + url: https://bpfman.io/ + version: 0.4.1 diff --git a/bundle/manifests/bpfman-privileged-scc_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/bundle/manifests/bpfman-privileged-scc_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml new file mode 100644 index 000000000..02e3f1ab2 --- /dev/null +++ b/bundle/manifests/bpfman-privileged-scc_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + name: bpfman-privileged-scc +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:openshift:scc:privileged +subjects: +- kind: ServiceAccount + name: bpfman-daemon + namespace: openshift-bpfman diff --git a/bundle/manifests/bpfman-user_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/bpfman-user_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 000000000..3882206ef --- /dev/null +++ b/bundle/manifests/bpfman-user_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: bpfman-user +rules: +- apiGroups: + - security.openshift.io + resourceNames: + - bpfman-restricted + resources: + - securitycontextconstraints + verbs: + - use diff --git a/bundle/manifests/bpfman.io_bpfprograms.yaml b/bundle/manifests/bpfman.io_bpfprograms.yaml new file mode 100644 index 000000000..306a65aef --- /dev/null +++ b/bundle/manifests/bpfman.io_bpfprograms.yaml @@ -0,0 +1,150 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: bpfprograms.bpfman.io +spec: + group: bpfman.io + names: + kind: BpfProgram + listKind: BpfProgramList + plural: bpfprograms + singular: bpfprogram + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.type + name: Type + type: string + - jsonPath: .status.conditions[0].reason + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: BpfProgram is the Schema for the Bpfprograms API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BpfProgramSpec defines the desired state of BpfProgram + properties: + type: + description: Type specifies the bpf program type + type: string + type: object + status: + description: |- + BpfProgramStatus defines the observed state of BpfProgram + TODO Make these a fixed set of metav1.Condition.types and metav1.Condition.reasons + properties: + conditions: + description: |- + Conditions houses the updates regarding the actual implementation of + the bpf program on the node + Known .status.conditions.type are: "Available", "Progressing", and "Degraded" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bundle/manifests/bpfman.io_fentryprograms.yaml b/bundle/manifests/bpfman.io_fentryprograms.yaml new file mode 100644 index 000000000..0d427148b --- /dev/null +++ b/bundle/manifests/bpfman.io_fentryprograms.yaml @@ -0,0 +1,311 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: fentryprograms.bpfman.io +spec: + group: bpfman.io + names: + kind: FentryProgram + listKind: FentryProgramList + plural: fentryprograms + singular: fentryprogram + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.bpffunctionname + name: BpfFunctionName + type: string + - jsonPath: .spec.nodeselector + name: NodeSelector + type: string + - jsonPath: .status.conditions[0].reason + name: Status + type: string + - jsonPath: .spec.func_name + name: FunctionName + priority: 1 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: FentryProgram is the Schema for the FentryPrograms API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FentryProgramSpec defines the desired state of FentryProgram + properties: + bpffunctionname: + description: |- + BpfFunctionName is the name of the function that is the entry point for the BPF + program + type: string + bytecode: + description: |- + Bytecode configures where the bpf program's bytecode should be loaded + from. + properties: + image: + description: Image used to specify a bytecode container image. + properties: + imagepullpolicy: + default: IfNotPresent + description: PullPolicy describes a policy for if/when to + pull a bytecode image. Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + imagepullsecret: + description: |- + ImagePullSecret is the name of the secret bpfman should use to get remote image + repository secrets. + properties: + name: + description: Name of the secret which contains the credentials + to access the image repository. + type: string + namespace: + description: Namespace of the secret which contains the + credentials to access the image repository. + type: string + required: + - name + - namespace + type: object + url: + description: Valid container image URL used to reference a + remote bytecode image. + type: string + required: + - url + type: object + path: + description: Path is used to specify a bytecode object via filepath. + type: string + type: object + func_name: + description: Function to attach the fentry to. + type: string + globaldata: + additionalProperties: + format: byte + type: string + description: |- + GlobalData allows the user to to set global variables when the program is loaded + with an array of raw bytes. This is a very low level primitive. The caller + is responsible for formatting the byte string appropriately considering + such things as size, endianness, alignment and packing of data structures. + type: object + mapownerselector: + description: |- + MapOwnerSelector is used to select the loaded eBPF program this eBPF program + will share a map with. The value is a label applied to the BpfProgram to select. + The selector must resolve to exactly one instance of a BpfProgram on a given node + or the eBPF program will not load. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nodeselector: + description: |- + NodeSelector allows the user to specify which nodes to deploy the + bpf program to. This field must be specified, to select all nodes + use standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - bpffunctionname + - bytecode + - func_name + - nodeselector + type: object + status: + description: FentryProgramStatus defines the observed state of FentryProgram + properties: + conditions: + description: |- + Conditions houses the global cluster state for the FentryProgram. The explicit + condition types are defined internally. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bundle/manifests/bpfman.io_fexitprograms.yaml b/bundle/manifests/bpfman.io_fexitprograms.yaml new file mode 100644 index 000000000..1d2aadea6 --- /dev/null +++ b/bundle/manifests/bpfman.io_fexitprograms.yaml @@ -0,0 +1,311 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: fexitprograms.bpfman.io +spec: + group: bpfman.io + names: + kind: FexitProgram + listKind: FexitProgramList + plural: fexitprograms + singular: fexitprogram + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.bpffunctionname + name: BpfFunctionName + type: string + - jsonPath: .spec.nodeselector + name: NodeSelector + type: string + - jsonPath: .status.conditions[0].reason + name: Status + type: string + - jsonPath: .spec.func_name + name: FunctionName + priority: 1 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: FexitProgram is the Schema for the FexitPrograms API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FexitProgramSpec defines the desired state of FexitProgram + properties: + bpffunctionname: + description: |- + BpfFunctionName is the name of the function that is the entry point for the BPF + program + type: string + bytecode: + description: |- + Bytecode configures where the bpf program's bytecode should be loaded + from. + properties: + image: + description: Image used to specify a bytecode container image. + properties: + imagepullpolicy: + default: IfNotPresent + description: PullPolicy describes a policy for if/when to + pull a bytecode image. Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + imagepullsecret: + description: |- + ImagePullSecret is the name of the secret bpfman should use to get remote image + repository secrets. + properties: + name: + description: Name of the secret which contains the credentials + to access the image repository. + type: string + namespace: + description: Namespace of the secret which contains the + credentials to access the image repository. + type: string + required: + - name + - namespace + type: object + url: + description: Valid container image URL used to reference a + remote bytecode image. + type: string + required: + - url + type: object + path: + description: Path is used to specify a bytecode object via filepath. + type: string + type: object + func_name: + description: Function to attach the fexit to. + type: string + globaldata: + additionalProperties: + format: byte + type: string + description: |- + GlobalData allows the user to to set global variables when the program is loaded + with an array of raw bytes. This is a very low level primitive. The caller + is responsible for formatting the byte string appropriately considering + such things as size, endianness, alignment and packing of data structures. + type: object + mapownerselector: + description: |- + MapOwnerSelector is used to select the loaded eBPF program this eBPF program + will share a map with. The value is a label applied to the BpfProgram to select. + The selector must resolve to exactly one instance of a BpfProgram on a given node + or the eBPF program will not load. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nodeselector: + description: |- + NodeSelector allows the user to specify which nodes to deploy the + bpf program to. This field must be specified, to select all nodes + use standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - bpffunctionname + - bytecode + - func_name + - nodeselector + type: object + status: + description: FexitProgramStatus defines the observed state of FexitProgram + properties: + conditions: + description: |- + Conditions houses the global cluster state for the FexitProgram. The explicit + condition types are defined internally. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bundle/manifests/bpfman.io_kprobeprograms.yaml b/bundle/manifests/bpfman.io_kprobeprograms.yaml new file mode 100644 index 000000000..039faf665 --- /dev/null +++ b/bundle/manifests/bpfman.io_kprobeprograms.yaml @@ -0,0 +1,333 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: kprobeprograms.bpfman.io +spec: + group: bpfman.io + names: + kind: KprobeProgram + listKind: KprobeProgramList + plural: kprobeprograms + singular: kprobeprogram + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.bpffunctionname + name: BpfFunctionName + type: string + - jsonPath: .spec.nodeselector + name: NodeSelector + type: string + - jsonPath: .status.conditions[0].reason + name: Status + type: string + - jsonPath: .spec.func_name + name: FunctionName + priority: 1 + type: string + - jsonPath: .spec.offset + name: Offset + priority: 1 + type: integer + - jsonPath: .spec.retprobe + name: RetProbe + priority: 1 + type: boolean + name: v1alpha1 + schema: + openAPIV3Schema: + description: KprobeProgram is the Schema for the KprobePrograms API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KprobeProgramSpec defines the desired state of KprobeProgram + properties: + bpffunctionname: + description: |- + BpfFunctionName is the name of the function that is the entry point for the BPF + program + type: string + bytecode: + description: |- + Bytecode configures where the bpf program's bytecode should be loaded + from. + properties: + image: + description: Image used to specify a bytecode container image. + properties: + imagepullpolicy: + default: IfNotPresent + description: PullPolicy describes a policy for if/when to + pull a bytecode image. Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + imagepullsecret: + description: |- + ImagePullSecret is the name of the secret bpfman should use to get remote image + repository secrets. + properties: + name: + description: Name of the secret which contains the credentials + to access the image repository. + type: string + namespace: + description: Namespace of the secret which contains the + credentials to access the image repository. + type: string + required: + - name + - namespace + type: object + url: + description: Valid container image URL used to reference a + remote bytecode image. + type: string + required: + - url + type: object + path: + description: Path is used to specify a bytecode object via filepath. + type: string + type: object + func_name: + description: Functions to attach the kprobe to. + type: string + globaldata: + additionalProperties: + format: byte + type: string + description: |- + GlobalData allows the user to to set global variables when the program is loaded + with an array of raw bytes. This is a very low level primitive. The caller + is responsible for formatting the byte string appropriately considering + such things as size, endianness, alignment and packing of data structures. + type: object + mapownerselector: + description: |- + MapOwnerSelector is used to select the loaded eBPF program this eBPF program + will share a map with. The value is a label applied to the BpfProgram to select. + The selector must resolve to exactly one instance of a BpfProgram on a given node + or the eBPF program will not load. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nodeselector: + description: |- + NodeSelector allows the user to specify which nodes to deploy the + bpf program to. This field must be specified, to select all nodes + use standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + offset: + default: 0 + description: |- + Offset added to the address of the function for kprobe. + Not allowed for kretprobes. + format: int64 + type: integer + retprobe: + default: false + description: Whether the program is a kretprobe. Default is false + type: boolean + required: + - bpffunctionname + - bytecode + - func_name + - nodeselector + type: object + x-kubernetes-validations: + - message: offset cannot be set for kretprobes + rule: self.retprobe == false || self.offset == 0 + status: + description: KprobeProgramStatus defines the observed state of KprobeProgram + properties: + conditions: + description: |- + Conditions houses the global cluster state for the KprobeProgram. The explicit + condition types are defined internally. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bundle/manifests/bpfman.io_tcprograms.yaml b/bundle/manifests/bpfman.io_tcprograms.yaml new file mode 100644 index 000000000..d16aa4fdb --- /dev/null +++ b/bundle/manifests/bpfman.io_tcprograms.yaml @@ -0,0 +1,379 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: tcprograms.bpfman.io +spec: + group: bpfman.io + names: + kind: TcProgram + listKind: TcProgramList + plural: tcprograms + singular: tcprogram + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.bpffunctionname + name: BpfFunctionName + type: string + - jsonPath: .spec.nodeselector + name: NodeSelector + type: string + - jsonPath: .status.conditions[0].reason + name: Status + type: string + - jsonPath: .spec.priority + name: Priority + priority: 1 + type: string + - jsonPath: .spec.direction + name: Direction + priority: 1 + type: string + - jsonPath: .spec.interfaceselector + name: InterfaceSelector + priority: 1 + type: string + - jsonPath: .spec.proceedon + name: ProceedOn + priority: 1 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: TcProgram is the Schema for the TcProgram API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TcProgramSpec defines the desired state of TcProgram + properties: + bpffunctionname: + description: |- + BpfFunctionName is the name of the function that is the entry point for the BPF + program + type: string + bytecode: + description: |- + Bytecode configures where the bpf program's bytecode should be loaded + from. + properties: + image: + description: Image used to specify a bytecode container image. + properties: + imagepullpolicy: + default: IfNotPresent + description: PullPolicy describes a policy for if/when to + pull a bytecode image. Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + imagepullsecret: + description: |- + ImagePullSecret is the name of the secret bpfman should use to get remote image + repository secrets. + properties: + name: + description: Name of the secret which contains the credentials + to access the image repository. + type: string + namespace: + description: Namespace of the secret which contains the + credentials to access the image repository. + type: string + required: + - name + - namespace + type: object + url: + description: Valid container image URL used to reference a + remote bytecode image. + type: string + required: + - url + type: object + path: + description: Path is used to specify a bytecode object via filepath. + type: string + type: object + direction: + description: |- + Direction specifies the direction of traffic the tc program should + attach to for a given network device. + enum: + - ingress + - egress + type: string + globaldata: + additionalProperties: + format: byte + type: string + description: |- + GlobalData allows the user to to set global variables when the program is loaded + with an array of raw bytes. This is a very low level primitive. The caller + is responsible for formatting the byte string appropriately considering + such things as size, endianness, alignment and packing of data structures. + type: object + interfaceselector: + description: Selector to determine the network interface (or interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary interface on the + node. Only 'true' accepted. + type: boolean + type: object + mapownerselector: + description: |- + MapOwnerSelector is used to select the loaded eBPF program this eBPF program + will share a map with. The value is a label applied to the BpfProgram to select. + The selector must resolve to exactly one instance of a BpfProgram on a given node + or the eBPF program will not load. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nodeselector: + description: |- + NodeSelector allows the user to specify which nodes to deploy the + bpf program to. This field must be specified, to select all nodes + use standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + priority: + description: |- + Priority specifies the priority of the tc program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + proceedon: + default: + - pipe + - dispatcher_return + description: |- + ProceedOn allows the user to call other tc programs in chain on this exit code. + Multiple values are supported by repeating the parameter. + items: + enum: + - unspec + - ok + - reclassify + - shot + - pipe + - stolen + - queued + - repeat + - redirect + - trap + - dispatcher_return + type: string + maxItems: 11 + type: array + required: + - bpffunctionname + - bytecode + - direction + - interfaceselector + - nodeselector + - priority + type: object + status: + description: TcProgramStatus defines the observed state of TcProgram + properties: + conditions: + description: |- + Conditions houses the global cluster state for the TcProgram. The explicit + condition types are defined internally. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bundle/manifests/bpfman.io_tracepointprograms.yaml b/bundle/manifests/bpfman.io_tracepointprograms.yaml new file mode 100644 index 000000000..853c6a4a8 --- /dev/null +++ b/bundle/manifests/bpfman.io_tracepointprograms.yaml @@ -0,0 +1,315 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: tracepointprograms.bpfman.io +spec: + group: bpfman.io + names: + kind: TracepointProgram + listKind: TracepointProgramList + plural: tracepointprograms + singular: tracepointprogram + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.bpffunctionname + name: BpfFunctionName + type: string + - jsonPath: .spec.nodeselector + name: NodeSelector + type: string + - jsonPath: .status.conditions[0].reason + name: Status + type: string + - jsonPath: .spec.name + name: TracePoint + priority: 1 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: TracepointProgram is the Schema for the TracepointPrograms API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TracepointProgramSpec defines the desired state of TracepointProgram + properties: + bpffunctionname: + description: |- + BpfFunctionName is the name of the function that is the entry point for the BPF + program + type: string + bytecode: + description: |- + Bytecode configures where the bpf program's bytecode should be loaded + from. + properties: + image: + description: Image used to specify a bytecode container image. + properties: + imagepullpolicy: + default: IfNotPresent + description: PullPolicy describes a policy for if/when to + pull a bytecode image. Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + imagepullsecret: + description: |- + ImagePullSecret is the name of the secret bpfman should use to get remote image + repository secrets. + properties: + name: + description: Name of the secret which contains the credentials + to access the image repository. + type: string + namespace: + description: Namespace of the secret which contains the + credentials to access the image repository. + type: string + required: + - name + - namespace + type: object + url: + description: Valid container image URL used to reference a + remote bytecode image. + type: string + required: + - url + type: object + path: + description: Path is used to specify a bytecode object via filepath. + type: string + type: object + globaldata: + additionalProperties: + format: byte + type: string + description: |- + GlobalData allows the user to to set global variables when the program is loaded + with an array of raw bytes. This is a very low level primitive. The caller + is responsible for formatting the byte string appropriately considering + such things as size, endianness, alignment and packing of data structures. + type: object + mapownerselector: + description: |- + MapOwnerSelector is used to select the loaded eBPF program this eBPF program + will share a map with. The value is a label applied to the BpfProgram to select. + The selector must resolve to exactly one instance of a BpfProgram on a given node + or the eBPF program will not load. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + names: + description: |- + Names refers to the names of kernel tracepoints to attach the + bpf program to. + items: + type: string + type: array + nodeselector: + description: |- + NodeSelector allows the user to specify which nodes to deploy the + bpf program to. This field must be specified, to select all nodes + use standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - bpffunctionname + - bytecode + - names + - nodeselector + type: object + status: + description: TracepointProgramStatus defines the observed state of TracepointProgram + properties: + conditions: + description: |- + Conditions houses the global cluster state for the TracepointProgram. The explicit + condition types are defined internally. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bundle/manifests/bpfman.io_uprobeprograms.yaml b/bundle/manifests/bpfman.io_uprobeprograms.yaml new file mode 100644 index 000000000..17db25e4e --- /dev/null +++ b/bundle/manifests/bpfman.io_uprobeprograms.yaml @@ -0,0 +1,414 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: uprobeprograms.bpfman.io +spec: + group: bpfman.io + names: + kind: UprobeProgram + listKind: UprobeProgramList + plural: uprobeprograms + singular: uprobeprogram + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.bpffunctionname + name: BpfFunctionName + type: string + - jsonPath: .spec.nodeselector + name: NodeSelector + type: string + - jsonPath: .status.conditions[0].reason + name: Status + type: string + - jsonPath: .spec.func_name + name: FunctionName + priority: 1 + type: string + - jsonPath: .spec.offset + name: Offset + priority: 1 + type: integer + - jsonPath: .spec.target + name: Target + priority: 1 + type: string + - jsonPath: .spec.retprobe + name: RetProbe + priority: 1 + type: boolean + - jsonPath: .spec.pid + name: Pid + priority: 1 + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + description: UprobeProgram is the Schema for the UprobePrograms API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: UprobeProgramSpec defines the desired state of UprobeProgram + properties: + bpffunctionname: + description: |- + BpfFunctionName is the name of the function that is the entry point for the BPF + program + type: string + bytecode: + description: |- + Bytecode configures where the bpf program's bytecode should be loaded + from. + properties: + image: + description: Image used to specify a bytecode container image. + properties: + imagepullpolicy: + default: IfNotPresent + description: PullPolicy describes a policy for if/when to + pull a bytecode image. Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + imagepullsecret: + description: |- + ImagePullSecret is the name of the secret bpfman should use to get remote image + repository secrets. + properties: + name: + description: Name of the secret which contains the credentials + to access the image repository. + type: string + namespace: + description: Namespace of the secret which contains the + credentials to access the image repository. + type: string + required: + - name + - namespace + type: object + url: + description: Valid container image URL used to reference a + remote bytecode image. + type: string + required: + - url + type: object + path: + description: Path is used to specify a bytecode object via filepath. + type: string + type: object + containers: + description: |- + Containers identifes the set of containers in which to attach the uprobe. + If Containers is not specified, the uprobe will be attached in the + bpfman-agent container. The ContainerSelector is very flexible and even + allows the selection of all containers in a cluster. If an attempt is + made to attach uprobes to too many containers, it can have a negative + impact on on the cluster. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + func_name: + description: Function to attach the uprobe to. + type: string + globaldata: + additionalProperties: + format: byte + type: string + description: |- + GlobalData allows the user to to set global variables when the program is loaded + with an array of raw bytes. This is a very low level primitive. The caller + is responsible for formatting the byte string appropriately considering + such things as size, endianness, alignment and packing of data structures. + type: object + mapownerselector: + description: |- + MapOwnerSelector is used to select the loaded eBPF program this eBPF program + will share a map with. The value is a label applied to the BpfProgram to select. + The selector must resolve to exactly one instance of a BpfProgram on a given node + or the eBPF program will not load. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nodeselector: + description: |- + NodeSelector allows the user to specify which nodes to deploy the + bpf program to. This field must be specified, to select all nodes + use standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + offset: + default: 0 + description: Offset added to the address of the function for uprobe. + format: int64 + type: integer + pid: + description: |- + Only execute uprobe for given process identification number (PID). If PID + is not provided, uprobe executes for all PIDs. + format: int32 + type: integer + retprobe: + default: false + description: Whether the program is a uretprobe. Default is false + type: boolean + target: + description: Library name or the absolute path to a binary or library. + type: string + required: + - bpffunctionname + - bytecode + - nodeselector + - target + type: object + status: + description: UprobeProgramStatus defines the observed state of UprobeProgram + properties: + conditions: + description: |- + Conditions houses the global cluster state for the UprobeProgram. The explicit + condition types are defined internally. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bundle/manifests/bpfman.io_xdpprograms.yaml b/bundle/manifests/bpfman.io_xdpprograms.yaml new file mode 100644 index 000000000..c84369089 --- /dev/null +++ b/bundle/manifests/bpfman.io_xdpprograms.yaml @@ -0,0 +1,358 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: xdpprograms.bpfman.io +spec: + group: bpfman.io + names: + kind: XdpProgram + listKind: XdpProgramList + plural: xdpprograms + singular: xdpprogram + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.bpffunctionname + name: BpfFunctionName + type: string + - jsonPath: .spec.nodeselector + name: NodeSelector + type: string + - jsonPath: .status.conditions[0].reason + name: Status + type: string + - jsonPath: .spec.priority + name: Priority + priority: 1 + type: string + - jsonPath: .spec.interfaceselector + name: InterfaceSelector + priority: 1 + type: string + - jsonPath: .spec.proceedon + name: ProceedOn + priority: 1 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: XdpProgram is the Schema for the XdpPrograms API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: XdpProgramSpec defines the desired state of XdpProgram + properties: + bpffunctionname: + description: |- + BpfFunctionName is the name of the function that is the entry point for the BPF + program + type: string + bytecode: + description: |- + Bytecode configures where the bpf program's bytecode should be loaded + from. + properties: + image: + description: Image used to specify a bytecode container image. + properties: + imagepullpolicy: + default: IfNotPresent + description: PullPolicy describes a policy for if/when to + pull a bytecode image. Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string + imagepullsecret: + description: |- + ImagePullSecret is the name of the secret bpfman should use to get remote image + repository secrets. + properties: + name: + description: Name of the secret which contains the credentials + to access the image repository. + type: string + namespace: + description: Namespace of the secret which contains the + credentials to access the image repository. + type: string + required: + - name + - namespace + type: object + url: + description: Valid container image URL used to reference a + remote bytecode image. + type: string + required: + - url + type: object + path: + description: Path is used to specify a bytecode object via filepath. + type: string + type: object + globaldata: + additionalProperties: + format: byte + type: string + description: |- + GlobalData allows the user to to set global variables when the program is loaded + with an array of raw bytes. This is a very low level primitive. The caller + is responsible for formatting the byte string appropriately considering + such things as size, endianness, alignment and packing of data structures. + type: object + interfaceselector: + description: Selector to determine the network interface (or interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary interface on the + node. Only 'true' accepted. + type: boolean + type: object + mapownerselector: + description: |- + MapOwnerSelector is used to select the loaded eBPF program this eBPF program + will share a map with. The value is a label applied to the BpfProgram to select. + The selector must resolve to exactly one instance of a BpfProgram on a given node + or the eBPF program will not load. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nodeselector: + description: |- + NodeSelector allows the user to specify which nodes to deploy the + bpf program to. This field must be specified, to select all nodes + use standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + priority: + description: |- + Priority specifies the priority of the bpf program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + proceedon: + default: + - pass + - dispatcher_return + items: + enum: + - aborted + - drop + - pass + - tx + - redirect + - dispatcher_return + type: string + maxItems: 6 + type: array + required: + - bpffunctionname + - bytecode + - interfaceselector + - nodeselector + - priority + type: object + status: + description: XdpProgramStatus defines the observed state of XdpProgram + properties: + conditions: + description: |- + Conditions houses the global cluster state for the XdpProgram. The explicit + condition types are defined internally. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml new file mode 100644 index 000000000..18b31e889 --- /dev/null +++ b/bundle/metadata/annotations.yaml @@ -0,0 +1,14 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: bpfman-operator + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.metrics.builder: operator-sdk-v1.27.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/bundle/metadata/dependencies.yaml b/bundle/metadata/dependencies.yaml new file mode 100644 index 000000000..1286902c9 --- /dev/null +++ b/bundle/metadata/dependencies.yaml @@ -0,0 +1,6 @@ +dependencies: + - type: olm.gvk + value: + group: security-profiles-operator.x-k8s.io + kind: SelinuxProfile + version: v1alpha2 diff --git a/bundle/tests/scorecard/config.yaml b/bundle/tests/scorecard/config.yaml new file mode 100644 index 000000000..74037b4cf --- /dev/null +++ b/bundle/tests/scorecard/config.yaml @@ -0,0 +1,70 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.25.0 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.25.0 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.25.0 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.25.0 + labels: + suite: olm + test: olm-crds-have-resources-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.25.0 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.25.0 + labels: + suite: olm + test: olm-status-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {} From 44e222f0c6385479d99eabae62c0d92d23edbd05 Mon Sep 17 00:00:00 2001 From: Mohamed Mahmoud Date: Thu, 23 May 2024 09:17:36 -0400 Subject: [PATCH 2/2] add make lint target Signed-off-by: Mohamed Mahmoud --- Makefile | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/Makefile b/Makefile index 702a9688a..e17363508 100644 --- a/Makefile +++ b/Makefile @@ -113,6 +113,7 @@ OPERATOR_SDK ?= $(LOCALBIN)/operator-sdk KUSTOMIZE_VERSION ?= v3.8.7 CONTROLLER_TOOLS_VERSION ?= v0.15.0 OPERATOR_SDK_VERSION ?= v1.27.0 +GOLANGCI_LINT_VERSION = v1.53.3 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" .PHONY: kustomize @@ -239,6 +240,16 @@ fmt: ## Run go fmt against code. verify: ## Verify all the autogenerated code ./hack/verify-codegen.sh +.PHONY: prereqs +prereqs: + @echo "### Test if prerequisites are met, and installing missing dependencies" + GOFLAGS="" go install github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANGCI_LINT_VERSION} + +.PHONY: lint +lint: prereqs ## Run linter (golangci-lint). + @echo "### Linting code" + golangci-lint run --timeout 5m ./... + # Use bpfman/scripts/verify-golint.sh for local linting verification # .PHONY: lint # lint: ## Run golang-ci linter