Add Bytecode image to config package

Signed-off-by: Mohamed Mahmoud <[email protected]>
netobserv · Dec 11, 2024 · 0bf61af · 0bf61af
1 parent 42caf46
commit 0bf61af
Show file tree

Hide file tree

Showing 14 changed files with 53 additions and 51 deletions.
diff --git a/apis/flowcollector/v1beta2/flowcollector_validation_webhook.go b/apis/flowcollector/v1beta2/flowcollector_validation_webhook.go
@@ -101,6 +101,9 @@ func (r *FlowCollector) validateAgent(_ context.Context, fc *FlowCollector) (adm
 	if slices.Contains(fc.Spec.Agent.EBPF.Features, PacketDrop) && !fc.Spec.Agent.EBPF.Privileged {
 		warnings = append(warnings, "The PacketDrop feature requires eBPF Agent to run in privileged mode")
 	}
+	if slices.Contains(fc.Spec.Agent.EBPF.Features, EbpfManager) && !fc.Spec.Agent.EBPF.Privileged {
+		warnings = append(warnings, "The BPF Manager feature requires eBPF Agent to run in privileged mode")
+	}
 	var errs []error
 	if fc.Spec.Agent.EBPF.FlowFilter != nil && fc.Spec.Agent.EBPF.FlowFilter.Enable != nil && *fc.Spec.Agent.EBPF.FlowFilter.Enable {
 		hasPorts := fc.Spec.Agent.EBPF.FlowFilter.Ports.IntVal > 0 || fc.Spec.Agent.EBPF.FlowFilter.Ports.StrVal != ""

diff --git a/controllers/consoleplugin/consoleplugin_objects.go b/controllers/consoleplugin/consoleplugin_objects.go
@@ -55,7 +55,7 @@ type builder struct {
 }
 
 func newBuilder(info *reconcilers.Instance, desired *flowslatest.FlowCollectorSpec) builder {
-	version := helper.ExtractVersion(info.Image)
+	version := helper.ExtractVersion(info.Images[constants.ControllerBaseImageIndex])
 	advanced := helper.GetAdvancedPluginConfig(desired.ConsolePlugin.Advanced)
 	return builder{
 		info: info,
@@ -227,7 +227,7 @@ func (b *builder) podTemplate(cmDigest string) *corev1.PodTemplateSpec {
 		Spec: corev1.PodSpec{
 			Containers: []corev1.Container{{
 				Name:            constants.PluginName,
-				Image:           b.info.Image,
+				Image:           b.info.Images[constants.ControllerBaseImageIndex],
 				ImagePullPolicy: corev1.PullPolicy(b.desired.ConsolePlugin.ImagePullPolicy),
 				Resources:       *b.desired.ConsolePlugin.Resources.DeepCopy(),
 				VolumeMounts:    b.volumes.AppendMounts(volumeMounts),

diff --git a/controllers/consoleplugin/consoleplugin_test.go b/controllers/consoleplugin/consoleplugin_test.go
@@ -111,7 +111,7 @@ func getAutoScalerSpecs() (ascv2.HorizontalPodAutoscaler, flowslatest.FlowCollec
 
 func getBuilder(spec *flowslatest.FlowCollectorSpec, lk *helper.LokiConfig) builder {
 	info := reconcilers.Common{Namespace: testNamespace, Loki: lk, ClusterInfo: &cluster.Info{}}
-	b := newBuilder(info.NewInstance(testImage, status.Instance{}), spec)
+	b := newBuilder(info.NewInstance([]string{testImage}, status.Instance{}), spec)
 	_, _, _ = b.configMap(context.Background()) // build configmap to update builder's volumes
 	return b
 }
@@ -144,7 +144,7 @@ func TestContainerUpdateCheck(t *testing.T) {
 	old = nEw
 
 	// new image
-	builder.info.Image = "quay.io/netobserv/network-observability-console-plugin:latest"
+	builder.info.Images[constants.ControllerBaseImageIndex] = "quay.io/netobserv/network-observability-console-plugin:latest"
 	nEw = builder.deployment("digest")
 	report = helper.NewChangeReport("")
 	assert.True(helper.PodChanged(&old.Spec.Template, &nEw.Spec.Template, constants.PluginName, &report))

diff --git a/controllers/constants/constants.go b/controllers/constants/constants.go
@@ -50,7 +50,9 @@ const (
 	LokiCRReader  = "netobserv-reader"
 	PromCRReader  = "netobserv-metrics-reader"
 
-	EnvTestConsole = "TEST_CONSOLE"
+	ControllerBaseImageIndex    = 0
+	EBPFAgentByteCodeImageIndex = 1
+	EnvTestConsole              = "TEST_CONSOLE"
 )
 
 var FlowCollectorName = types.NamespacedName{Name: "cluster"}

diff --git a/controllers/ebpf/agent_controller.go b/controllers/ebpf/agent_controller.go
@@ -114,8 +114,6 @@ const (
 	defaultDNSTrackingPort = "53"
 	bpfmanMapsVolumeName   = "bpfman-maps"
 	bpfManBpfFSPath        = "/run/netobserv/maps"
-	mapsVolumeName         = "bpf-maps"
-	bpfFsPath              = "/sys/fs/bpf"
 )
 
 // AgentController reconciles the status of the eBPF agent Daemonset, as well as the
@@ -253,7 +251,7 @@ func (c *AgentController) desired(ctx context.Context, coll *flowslatest.FlowCol
 	if coll == nil {
 		return nil, nil
 	}
-	version := helper.ExtractVersion(c.Image)
+	version := helper.ExtractVersion(c.Images[constants.ControllerBaseImageIndex])
 	annotations := make(map[string]string)
 	env, err := c.envConfig(ctx, coll, annotations)
 	if err != nil {
@@ -377,29 +375,25 @@ func (c *AgentController) desired(ctx context.Context, coll *flowslatest.FlowCol
 	}
 
 	if helper.IsAgentFeatureEnabled(&coll.Spec.Agent.EBPF, flowslatest.EbpfManager) {
-		if !coll.Spec.Agent.EBPF.Privileged {
-			rlog.Error(fmt.Errorf("invalid configuration"), "To enable BPF Manager feature privileged mode needs to be enabled")
-		} else {
-			volume := corev1.Volume{
-				Name: bpfmanMapsVolumeName,
-				VolumeSource: corev1.VolumeSource{
-					CSI: &corev1.CSIVolumeSource{
-						Driver: "csi.bpfman.io",
-						VolumeAttributes: map[string]string{
-							"csi.bpfman.io/program": "netobserv",
-							"csi.bpfman.io/maps":    "aggregated_flows,direct_flows,dns_flows,filter_map,global_counters,packet_record",
-						},
+		volume := corev1.Volume{
+			Name: bpfmanMapsVolumeName,
+			VolumeSource: corev1.VolumeSource{
+				CSI: &corev1.CSIVolumeSource{
+					Driver: "csi.bpfman.io",
+					VolumeAttributes: map[string]string{
+						"csi.bpfman.io/program": "netobserv",
+						"csi.bpfman.io/maps":    "aggregated_flows,direct_flows,dns_flows,filter_map,global_counters,packet_record",
 					},
 				},
-			}
-			volumes = append(volumes, volume)
-			volumeMount := corev1.VolumeMount{
-				Name:             bpfmanMapsVolumeName,
-				MountPath:        bpfManBpfFSPath,
-				MountPropagation: newMountPropagationMode(corev1.MountPropagationBidirectional),
-			}
-			volumeMounts = append(volumeMounts, volumeMount)
+			},
 		}
+		volumes = append(volumes, volume)
+		volumeMount := corev1.VolumeMount{
+			Name:             bpfmanMapsVolumeName,
+			MountPath:        bpfManBpfFSPath,
+			MountPropagation: newMountPropagationMode(corev1.MountPropagationBidirectional),
+		}
+		volumeMounts = append(volumeMounts, volumeMount)
 	}
 
 	advancedConfig := helper.GetAdvancedAgentConfig(coll.Spec.Agent.EBPF.Advanced)
@@ -430,7 +424,7 @@ func (c *AgentController) desired(ctx context.Context, coll *flowslatest.FlowCol
 					Volumes:            volumes,
 					Containers: []corev1.Container{{
 						Name:            constants.EBPFAgentName,
-						Image:           c.Image,
+						Image:           c.Images[constants.ControllerBaseImageIndex],
 						ImagePullPolicy: corev1.PullPolicy(coll.Spec.Agent.EBPF.ImagePullPolicy),
 						Resources:       coll.Spec.Agent.EBPF.Resources,
 						SecurityContext: c.securityContext(coll),

diff --git a/controllers/ebpf/bpfmanager-controller.go b/controllers/ebpf/bpfmanager-controller.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/binary"
 	"fmt"
+	"github.com/netobserv/network-observability-operator/controllers/constants"
 	"github.com/netobserv/network-observability-operator/pkg/helper"
 	"github.com/sirupsen/logrus"
 
@@ -17,8 +18,7 @@ import (
 )
 
 const (
-	netobservApp     = "netobserv"
-	netobservBCImage = "quay.io/netobserv/ebpf-bytecode:latest"
+	netobservApp = "netobserv"
 )
 
 // bpfmanDetachNetobserv find BpfmanApplication object with all required ebpf hooks and detaches them using bpfman manager
@@ -63,7 +63,7 @@ func (c *AgentController) bpfmanAttachNetobserv(ctx context.Context, fc *flowsla
 	err = c.Get(ctx, key, &bpfApp)
 	if err != nil {
 		if errors.IsNotFound(err) {
-			prepareBpfApplication(&bpfApp, fc)
+			prepareBpfApplication(&bpfApp, fc, c.Images[constants.EBPFAgentByteCodeImageIndex])
 			err = c.createBpfApplication(ctx, &bpfApp)
 			if err != nil {
 				return fmt.Errorf("failed to create BpfApplication: %w for obj: %s", err, fc.Name)
@@ -73,7 +73,7 @@ func (c *AgentController) bpfmanAttachNetobserv(ctx context.Context, fc *flowsla
 		}
 	} else {
 		// object exists repopulate it with the new configuration and update it
-		prepareBpfApplication(&bpfApp, fc)
+		prepareBpfApplication(&bpfApp, fc, c.Images[constants.EBPFAgentByteCodeImageIndex])
 		err = c.updateBpfApplication(ctx, &bpfApp)
 		if err != nil {
 			return fmt.Errorf("failed to update BpfApplication: %w for obj: %s", err, fc.Name)
@@ -83,7 +83,7 @@ func (c *AgentController) bpfmanAttachNetobserv(ctx context.Context, fc *flowsla
 	return err
 }
 
-func prepareBpfApplication(bpfApp *bpfmaniov1alpha1.BpfApplication, fc *flowslatest.FlowCollector) {
+func prepareBpfApplication(bpfApp *bpfmaniov1alpha1.BpfApplication, fc *flowslatest.FlowCollector, netobservBCImage string) {
 	interfaces := fc.Spec.Agent.EBPF.Interfaces
 
 	samplingValue := make([]byte, 4)

diff --git a/controllers/flowcollector_controller.go b/controllers/flowcollector_controller.go
@@ -133,7 +133,7 @@ func (r *FlowCollectorReconciler) reconcile(ctx context.Context, clh *helper.Cli
 	r.watcher.Reset(ns)
 
 	// Create reconcilers
-	cpReconciler := consoleplugin.NewReconciler(reconcilersInfo.NewInstance(r.mgr.Config.ConsolePluginImage, r.status))
+	cpReconciler := consoleplugin.NewReconciler(reconcilersInfo.NewInstance([]string{r.mgr.Config.ConsolePluginImage}, r.status))
 
 	// Check namespace changed
 	if ns != previousNamespace {
@@ -151,7 +151,7 @@ func (r *FlowCollectorReconciler) reconcile(ctx context.Context, clh *helper.Cli
 	}
 
 	// eBPF agent
-	ebpfAgentController := ebpf.NewAgentController(reconcilersInfo.NewInstance(r.mgr.Config.EBPFAgentImage, r.status))
+	ebpfAgentController := ebpf.NewAgentController(reconcilersInfo.NewInstance([]string{r.mgr.Config.EBPFAgentImage, r.mgr.Config.EBPFByteCodeImage}, r.status))
 	if err := ebpfAgentController.Reconcile(ctx, desired); err != nil {
 		return r.status.Error("ReconcileAgentFailed", err)
 	}

diff --git a/controllers/flp/flp_common_objects.go b/controllers/flp/flp_common_objects.go
@@ -68,7 +68,7 @@ type Builder struct {
 type builder = Builder
 
 func NewBuilder(info *reconcilers.Instance, desired *flowslatest.FlowCollectorSpec, flowMetrics *metricslatest.FlowMetricList, detectedSubnets []flowslatest.SubnetLabel, ck ConfKind) (Builder, error) {
-	version := helper.ExtractVersion(info.Image)
+	version := helper.ExtractVersion(info.Images[constants.ControllerBaseImageIndex])
 	name := name(ck)
 	var promTLS *flowslatest.CertificateReference
 	switch desired.Processor.Metrics.Server.TLS.Type {
@@ -203,7 +203,7 @@ func (b *builder) podTemplate(hasHostPort, hostNetwork bool, annotations map[str
 
 	container := corev1.Container{
 		Name:            constants.FLPName,
-		Image:           b.info.Image,
+		Image:           b.info.Images[constants.ControllerBaseImageIndex],
 		ImagePullPolicy: corev1.PullPolicy(b.desired.Processor.ImagePullPolicy),
 		Args:            []string{fmt.Sprintf(`--config=%s/%s`, configPath, configFile)},
 		Resources:       *b.desired.Processor.Resources.DeepCopy(),

diff --git a/controllers/flp/flp_controller.go b/controllers/flp/flp_controller.go
@@ -151,8 +151,8 @@ func (r *Reconciler) reconcile(ctx context.Context, clh *helper.Client, fc *flow
 	// TODO: refactor to move these subReconciler allocations in `Start`. It will involve some decoupling work, as currently
 	// `reconcilers.Common` is dependent on the FlowCollector object, which isn't known at start time.
 	reconcilers := []subReconciler{
-		newMonolithReconciler(cmn.NewInstance(r.mgr.Config.FlowlogsPipelineImage, r.mgr.Status.ForComponent(status.FLPMonolith))),
-		newTransformerReconciler(cmn.NewInstance(r.mgr.Config.FlowlogsPipelineImage, r.mgr.Status.ForComponent(status.FLPTransformOnly))),
+		newMonolithReconciler(cmn.NewInstance([]string{r.mgr.Config.FlowlogsPipelineImage}, r.mgr.Status.ForComponent(status.FLPMonolith))),
+		newTransformerReconciler(cmn.NewInstance([]string{r.mgr.Config.FlowlogsPipelineImage}, r.mgr.Status.ForComponent(status.FLPTransformOnly))),
 	}
 
 	// Check namespace changed

diff --git a/controllers/flp/flp_test.go b/controllers/flp/flp_test.go
@@ -170,14 +170,14 @@ func getAutoScalerSpecs() (ascv2.HorizontalPodAutoscaler, flowslatest.FlowCollec
 func monoBuilder(ns string, cfg *flowslatest.FlowCollectorSpec) monolithBuilder {
 	loki := helper.NewLokiConfig(&cfg.Loki, "any")
 	info := reconcilers.Common{Namespace: ns, Loki: &loki, ClusterInfo: &cluster.Info{}}
-	b, _ := newMonolithBuilder(info.NewInstance(image, status.Instance{}), cfg, &metricslatest.FlowMetricList{}, nil)
+	b, _ := newMonolithBuilder(info.NewInstance([]string{image}, status.Instance{}), cfg, &metricslatest.FlowMetricList{}, nil)
 	return b
 }
 
 func transfBuilder(ns string, cfg *flowslatest.FlowCollectorSpec) transfoBuilder {
 	loki := helper.NewLokiConfig(&cfg.Loki, "any")
 	info := reconcilers.Common{Namespace: ns, Loki: &loki, ClusterInfo: &cluster.Info{}}
-	b, _ := newTransfoBuilder(info.NewInstance(image, status.Instance{}), cfg, &metricslatest.FlowMetricList{}, nil)
+	b, _ := newTransfoBuilder(info.NewInstance([]string{image}, status.Instance{}), cfg, &metricslatest.FlowMetricList{}, nil)
 	return b
 }
 
@@ -552,15 +552,15 @@ func TestServiceMonitorChanged(t *testing.T) {
 
 	// Check labels change
 	info := reconcilers.Common{Namespace: "namespace2", ClusterInfo: &cluster.Info{}}
-	b, _ = newMonolithBuilder(info.NewInstance(image2, status.Instance{}), &cfg, b.generic.flowMetrics, nil)
+	b, _ = newMonolithBuilder(info.NewInstance([]string{image2}, status.Instance{}), &cfg, b.generic.flowMetrics, nil)
 	third := b.generic.serviceMonitor()
 
 	report = helper.NewChangeReport("")
 	assert.True(helper.ServiceMonitorChanged(second, third, &report))
 	assert.Contains(report.String(), "ServiceMonitor labels changed")
 
 	// Check scheme changed
-	b, _ = newMonolithBuilder(info.NewInstance(image2, status.Instance{}), &cfg, b.generic.flowMetrics, nil)
+	b, _ = newMonolithBuilder(info.NewInstance([]string{image2}, status.Instance{}), &cfg, b.generic.flowMetrics, nil)
 	fourth := b.generic.serviceMonitor()
 	fourth.Spec.Endpoints[0].Scheme = "https"
 
@@ -605,7 +605,7 @@ func TestPrometheusRuleChanged(t *testing.T) {
 
 	// Check labels change
 	info := reconcilers.Common{Namespace: "namespace2", ClusterInfo: &cluster.Info{}}
-	b, _ = newMonolithBuilder(info.NewInstance(image2, status.Instance{}), &cfg, b.generic.flowMetrics, nil)
+	b, _ = newMonolithBuilder(info.NewInstance([]string{image2}, status.Instance{}), &cfg, b.generic.flowMetrics, nil)
 	third := b.generic.prometheusRule()
 
 	report = helper.NewChangeReport("")
@@ -754,8 +754,8 @@ func TestLabels(t *testing.T) {
 
 	cfg := getConfig()
 	info := reconcilers.Common{Namespace: "ns", ClusterInfo: &cluster.Info{}}
-	builder, _ := newMonolithBuilder(info.NewInstance(image, status.Instance{}), &cfg, &metricslatest.FlowMetricList{}, nil)
-	tBuilder, _ := newTransfoBuilder(info.NewInstance(image, status.Instance{}), &cfg, &metricslatest.FlowMetricList{}, nil)
+	builder, _ := newMonolithBuilder(info.NewInstance([]string{image}, status.Instance{}), &cfg, &metricslatest.FlowMetricList{}, nil)
+	tBuilder, _ := newTransfoBuilder(info.NewInstance([]string{image}, status.Instance{}), &cfg, &metricslatest.FlowMetricList{}, nil)
 
 	// Deployment
 	depl := tBuilder.deployment(annotate("digest"))

diff --git a/controllers/flp/metrics_api_test.go b/controllers/flp/metrics_api_test.go
@@ -35,7 +35,7 @@ func defaultBuilderWithMetrics(metrics *metricslatest.FlowMetricList) (monolithB
 	cfg := getConfig()
 	loki := helper.NewLokiConfig(&cfg.Loki, "any")
 	info := reconcilers.Common{Namespace: "namespace", Loki: &loki, ClusterInfo: &cluster.Info{}}
-	return newMonolithBuilder(info.NewInstance(image, status.Instance{}), &cfg, metrics, nil)
+	return newMonolithBuilder(info.NewInstance([]string{image}, status.Instance{}), &cfg, metrics, nil)
 }
 
 func metric(metrics api.MetricsItems, name string) *api.MetricsItem {

diff --git a/controllers/reconcilers/common.go b/controllers/reconcilers/common.go
@@ -33,16 +33,16 @@ func (c *Common) PreviousPrivilegedNamespace() string {
 type Instance struct {
 	*Common
 	Managed *NamespacedObjectManager
-	Image   string
+	Images  []string
 	Status  status.Instance
 }
 
-func (c *Common) NewInstance(image string, st status.Instance) *Instance {
+func (c *Common) NewInstance(images []string, st status.Instance) *Instance {
 	managed := NewNamespacedObjectManager(c)
 	return &Instance{
 		Common:  c,
 		Managed: managed,
-		Image:   image,
+		Images:  images,
 		Status:  st,
 	}
 }

diff --git a/main.go b/main.go
@@ -104,6 +104,7 @@ func main() {
 	flag.StringVar(&config.EBPFAgentImage, "ebpf-agent-image", "quay.io/netobserv/netobserv-ebpf-agent:main", "The image of the eBPF agent")
 	flag.StringVar(&config.FlowlogsPipelineImage, "flowlogs-pipeline-image", "quay.io/netobserv/flowlogs-pipeline:main", "The image of Flowlogs Pipeline")
 	flag.StringVar(&config.ConsolePluginImage, "console-plugin-image", "quay.io/netobserv/network-observability-console-plugin:main", "The image of the Console Plugin")
+	flag.StringVar(&config.EBPFByteCodeImage, "ebpf-bytecode-image", "quay.io/netobserv/ebpf-bytecode:main", "The EBPF bytecode for the eBPF agent")
 	flag.BoolVar(&config.DownstreamDeployment, "downstream-deployment", false, "Either this deployment is a downstream deployment ot not")
 	flag.BoolVar(&enableHTTP2, "enable-http2", enableHTTP2, "If HTTP/2 should be enabled for the metrics and webhook servers.")
 	flag.BoolVar(&versionFlag, "v", false, "print version")

diff --git a/pkg/manager/config.go b/pkg/manager/config.go
@@ -12,6 +12,8 @@ type Config struct {
 	FlowlogsPipelineImage string
 	// ConsolePluginImage is the image of the Console Plugin that is managed by the operator
 	ConsolePluginImage string
+	// EBPFByteCodeImage is the ebpf byte code image used by EBPF Manager
+	EBPFByteCodeImage string
 	// Release kind is either upstream or downstream
 	DownstreamDeployment bool
 }