Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: Support for Network Namespace Selection in XDP, TC, and TCX Programs #411

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

WIP: Support for Network Namespace Selection in XDP, TC, and TCX Programs #411

wants to merge 2 commits into from

Conversation

anfredette
Copy link
Contributor

@anfredette anfredette commented Mar 6, 2025
edited
Loading

In support of issue #410, this proposal introduces optional network namespace selection for XDP, TC, and TCX programs, allowing users to specify where these programs should attach.

Changes:

  1. Cluster-scoped ClusterBpfApplication

    • Users can specify a network namespace either by:
      • Pod selector (to select a pod’s network namespace).
      • Explicit path to the network namespace file (e.g., /proc/<pid>/ns/net or /var/run/netns/<ns_name>).

  2. Namespace-scoped BpfApplication

    • Users can specify a network namespace only using a pod selector (limited to pods within the same Kubernetes namespace).

This approach ensures flexibility for cluster-wide applications while maintaining namespace isolation where required.

@anfredette
WIP: API proposal for network namespace selector
5ed2627 
In support of issue bpfman#410

Signed-off-by: Andre Fredette <afredette@redhat.com>
@anfredette anfredette changed the title WIP: API proposal for network namespace selector WIP: Support for Network Namespace Selection in XDP, TC, and TCX Programs Mar 6, 2025
@anfredette anfredette marked this pull request as draft March 6, 2025 20:39
msherif1234
msherif1234 reviewed Mar 6, 2025
View reviewed changes
Copy link
Contributor

@msherif1234 msherif1234 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for namespace resources if application wanted to monitor specific netns won't we need the path iin those apis too ?

apis/v1alpha1/shared_types.go
// NamespacePath explicitly specifies a network namespace path (e.g.,
// /proc/<pid>/ns/net or /var/run/netns/<name>)
// +optional
NamespacePath *string `json:"namespacePath,omitempty"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why *string as oppose to just string ?

@anfredette anfredette mentioned this pull request Mar 8, 2025
Draft
@anfredette
Initial implementation.
25793ce 
More testing needed.  Using an explicit NamespacePath not tested.

Also, I'd like to make ClNetworkNamespaceSelector and
ClNetworkNamespaceSelector more similar.

Signed-off-by: Andre Fredette <afredette@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@msherif1234 msherif1234 msherif1234 left review comments

@dave-tucker dave-tucker Awaiting requested review from dave-tucker

@Billy99 Billy99 Awaiting requested review from Billy99

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@anfredette @msherif1234